>>In a recent attack by a person at a university, we were able to
>>determine the IP address, which was at a university, but could
>>not establish who was responsible. (The individual was in a
>>pool of computers that they could log on to). Is there a way
>>to determine which student was responsible?
I think you're stuck with whatever the site is using for security/logging. We
worked with a client a few months ago on a similar EDU problem, but the EDU used
Kerberos and other granular logging which allowed _them_ to identify the
student. (Don't know what happened, the client and the EDU worked it out w/o
I suppose if you're quick you could ask for the campus cops to take latent
prints from the keys. Yeah, right....
Dave Kennedy CISSP Dir Research, Nat'l Computer Security Assoc