[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IDS: Identification

To: ids@uow.edu.au
Subject: IDS: Identification
From: Mark Squire <MSquire@desonline.com>
Date: Fri, 2 Feb 2001 07:48:21 -0800


    [ Part 1, Text/PLAIN (charset: ISO-8859-1 "Latin 1")  9 lines. ]
    [ Unable to print this part. ]

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]


Greetings all,
One of my first posts here.  Lets say an active intruder has been
identified on the network, and lets say myself, the security analyst is
able to sniff his connection to see what he is up to.  Once his
connection is sniffed, is there a reliable way to trace all of his
actions back to his original IP and gateway?  Would that information be
in his packets themselves, or would I have to do some kind of traceroute
trickery?

C:\Mark

Next by Date: Re: IDS: Identification
Next by thread: Re: IDS: Identification
Index(es):
- Date
- Thread