RootPrompt.org: Cracked! Part 2: Watching and Waiting

[ Thanks to Noel
for this link. ]

“This is the second part of the story of a community network
that was cracked and what was done to recover from it. The
first part Cracked! Part1: Denial and truth details the report that
leads to the discovery that the community network was indeed
cracked and some of the initial reactions. This article talks
about how they learned more about the cracker and what they did
next.”

“We were still very concerned that if the cracker realized that
we were on to him he would just trash the system to cover up his
tracks. We did not feel that we had any way to be sure that we
could get all of the backdoors that he could have installed due to
length of time that he had been on the system. But at the same time
we needed to learn more about what he was doing and were he was
coming from. We also hoped that we could gather clues about how he
had gotten in. So we decided to run a sniffer to watch what he was
doing.”

“…I set up a sniffer to watch for traffic going to the ISP and
some of the sites we had suspected he was coming from. We thought
that by watching him to see were he was coming from and what he was
doing that we could get some idea of who he was, what his
motivations were and most important what he was doing. We also
thought that we could use this to find out what kind of skills he
had. Was he a script kiddie, or a super cracker like it was
claimed?”

Complete
Story