RootPrompt.org: Cracked! Part 2: Watching and Waiting
May 10, 2000, 12:37
[ Thanks to Noel for this link. ]
"This is the second part of the story of a community network that was cracked and what was done to recover from it. The first part Cracked! Part1: Denial and truth details the report that leads to the discovery that the community network was indeed cracked and some of the initial reactions. This article talks about how they learned more about the cracker and what they did next."
"We were still very concerned that if the cracker realized that we were on to him he would just trash the system to cover up his tracks. We did not feel that we had any way to be sure that we could get all of the backdoors that he could have installed due to the length of time that he had been on the system. But at the same time we needed to learn more about what he was doing and where he was coming from. We also hoped that we could gather clues about how he had gotten in. So we decided to run a sniffer to watch what he was doing."
"...I set up a sniffer to watch for traffic going to the ISP and some of the sites we had suspected he was coming from. We thought that by watching him to see where he was coming from and what he was doing that we could get some idea of who he was, what his motivations were and most important what he was doing. We also thought that we could use this to find out what kind of skills he had. Was he a script kiddie, or a super cracker like it was claimed?"