Saturday, August 23, 2003

Figuring out what happened

Tech Republic has an article about discovering, and collecting evidence from, a compromised system. The article describes a compromise that many an NSO has discovered: a Serv-U FTP server hosting files being traded on IRC.

For this type of compromise (and many others), the legal response varies (at least for now). Government organizations tend to investigate fully, gathering as much information as possible (it doesn't happen to them all that much). Educational networks tend to just wipe and rebuild (it happens to them quite often due to the open nature of their networks). Corporations tend to be binary about the issue; some will investigate, others will "hide & forget that it happened".

Anyways, the article is a good read about an investigation into an all-too-common problem.