The sad thing is, until you have a court order, the other ISP isn't necessairly obligated to help you. There is no law stating that they have to turn logs over to you. It's usually up to the other admins, but every time I've had this problem, we've gotten really good responses from the offenders provider. I don't know who you spoke with, but you might try going to an owner if you only spoke to an admin. Owners tend to take attacks coming from their sites a lot more seriously than admins do, and would probably be a much better point of contact. I'm sure given the fact that your business is severely effected by these attacks and that it would be greatly appreciated if he'd/they'd help you out before the story broke the news (what hurts a business more than bad publicity?) and you'd really like him to cooperate fully. After niceness hasn't worked, you could always threaten with a civil suit of some kind... Just remember to be nice before you start playing hardball. Regards, Joe Shaw - jshaw@insync.net NetAdmin - Insync Internet Services "Learn more, and you will never starve." - Paraphrase of Lee On Mon, 28 Jul 1997, Dave Rand wrote:
I'm tracking down an individual that has attacked both my personal site, as well as one of my customers' sites. In this particular attempt, when his 'normal' site was blocked by IP address, he immediately started to use dial-up sites all over his local area, then ranged further into the US.
On my system, he had installed a password sniffer. I suspect that this was a common mode of operation for him.
Naturally, I logged all of the attempts at the router level. I emailed the logs to the origin ISPs, and (with one notable exception) was met with huge indifference. In the queries, I am asking only for a confirm/deny of the user's name - I am not asking the ISP's involved to release the name of the dialup users. That, of course, will come later. Right now, I'm just trying to confirm that the same individual is launching the attacks.
A police report has been filed, and a restraining order will be served tommorow.
What's a better way to ask for, and obtain log information in a timely fashion? Wait 6 months for a court trial, when everyone has purged their logs?
Clues would be appreciated.
-- Dave Rand dlr@bungi.com http://www.bungi.com