The only way to trace it to an individual would be to take these steps:

Trace the IP to the specific computer or to an IP log showing when this
computer was being used (at my school a pool of computers uses either the
same IP or a different one for each PC depending on which lab you go to).

Hopefully there is a login procedure to use the computer showing when the
user logged in and his/her identity and any scripts that were run.

With your information, hopefully you have times for when this attack took
place, you would be able to match up who logged in around the time the
attack was committed and find a user to match this up to.

I know at my school that if an IP was traced back they would never be
able to tell who did it, only what PC it was done from since there is no
monitoring of the lab, no active log showing a login procedure, and no
login procedure to use the Windows PCs which have full access to all the
resources one would need to perform such an attack.

Questions - Where exactly was the attack committed? What IP was it traced
back to i.e. which University? What kind of attack was it? What
eventually occurred because of this attack?

I hope I've been somewhat helpful. Based on my limited knowledge of the
subject and experiences with IP tracing this is what I have come up with.
If anyone knows of more information on how to handle this or if I have
not been clear on this then please post and tell me otherwise.
----------
From: kathleen butler
Sent: Wednesday, October 23, 1996 5:37 PM
Subject: <NONE>
Importance: Low
In a recent attack by a person at a university, we were able to determine
the IP address, which was at a university, but could not establish who was
responsible. (The individual was in a pool of computers that they could
log on to). Is there a way to determine which student was responsible?
Also, if I use DHCP internally, is there a way to match an IP address to a
user for any specific transaction?
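
The matching step described in the reply, applied to the DHCP question in the original message, as an added example that is not part of the thread. It assumes the site keeps DHCP lease records and per-machine login records; every address, MAC, user name and timestamp below is constructed, and attribute() and ts() are hypothetical helper names.

```python
from datetime import datetime, timedelta

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed sample data (not from the thread): DHCP leases and lab logins.
LEASES = [  # (ip, mac, lease_start, lease_end)
    ("10.1.5.20", "00:a0:24:11:22:33", ts("1996-10-21 08:00"), ts("1996-10-21 12:00")),
    ("10.1.5.20", "00:a0:24:44:55:66", ts("1996-10-21 12:05"), ts("1996-10-21 18:00")),
    ("10.1.5.21", "00:a0:24:77:88:99", ts("1996-10-21 08:00"), ts("1996-10-21 18:00")),
]
LOGINS = [  # (mac, user, login, logout)
    ("00:a0:24:11:22:33", "student_a", ts("1996-10-21 09:00"), ts("1996-10-21 10:30")),
    ("00:a0:24:11:22:33", "student_b", ts("1996-10-21 10:40"), ts("1996-10-21 11:50")),
    ("00:a0:24:44:55:66", "student_c", ts("1996-10-21 13:00"), ts("1996-10-21 14:00")),
]

def attribute(ip, when, skew=timedelta(minutes=5), leases=LEASES, logins=LOGINS):
    """Return (mac, [users]) for the machine that held `ip` at time `when`.

    mac is None when no single lease covers the time. users is empty when the
    machine is known but no login session overlaps, which is the "only what PC
    it was done from" outcome. `skew` widens the match window to allow for
    clock drift between the victim's log and the site's logs.
    """
    lo, hi = when - skew, when + skew
    # Step 1: IP + time -> machine, via the lease that was active at `when`.
    macs = {m for i, m, start, end in leases if i == ip and start <= when <= end}
    if len(macs) != 1:
        return None, []  # no lease or conflicting leases: do not guess
    mac = macs.pop()
    # Step 2: machine + time window -> every login session that overlaps it.
    users = sorted({u for m, u, login, logout in logins
                    if m == mac and login <= hi and logout >= lo})
    return mac, users

if __name__ == "__main__":
    for ip, when in [("10.1.5.20", "1996-10-21 10:00"),
                     ("10.1.5.20", "1996-10-21 10:35"),
                     ("10.1.5.21", "1996-10-21 10:00")]:
        print(ip, when, attribute(ip, ts(when)))
```

More than one user in the result means the logs alone cannot separate them; an empty list means the trail stops at the machine.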