Steph Foster wrote:
>
> Well I agree you aren't responsible for other people's actions but you
> have to persuade the police that it was somebody else when / if they
> come knocking on your door.

Given what it takes to get the Police to investigate IT based crime, it would have to be something pretty dramatic I suspect.

Look at it this way, 140,000 PCs connected to our mail servers and attempted to con our clients out of money with various phishing scams this week, and (visible) police activity against this is zilch.

The McColo take down reduced global spam significantly. It is estimated to have been involved in ~500,000 incidents of fraud, and so far as I know not a single arrest. The "take down" was done by ISPs working together.

Okay that was in the US, but the situation isn't any better here. These days BT Ignite is the source of much of our spam at work, most of it doesn't seem to be obviously fraudulent, but I bet some of it is.

McColo is not unconnected, a substantial number of those phishing bots are Cutwail, which was one of the bot nets previously run out of McColo.

Of all the crap I've dealt with at work with my "abuse@" hat on, the only things that have prompted official UK interest were one pharmacy site (which occurred only when the MHRA desperately needed a good headline, after the news was full of rotten body parts), and one active investigation (for petty crime, and is probably the least important thing the police could be using their investigative powers to address).

Sure this stuff is difficult to track down, but it ain't that hard (the Journalist who exposed McColo (Brian Krebs) did the journalist things of working up from the Post room, so not exactly some technical guru before joining Newsbytes.com, but he knows how to investigate).

> I'm sure they wouldn't be easily convinced and would likely seize your
> computers first and ask questions after.
>
> Is it really worth the possible aggro ?

Lots of folk run open access points. I did for a long time, and may do again. Certainly when I have bunches of techies over I disable encryption, and they are the most suspect of the lot, as they know what they are doing!

There is the opposite point of view - plausible deniability, that if your access point is locked down, the police will assume anything bad (their definition not yours) that happens was you (or someone in your house), even if it wasn't.

Worst case - keep the DHCP log, and if the police call give them the MAC address of the offending machine.

That said if folks were abusing the privilege I'd just pull it, or blacklist them.

But statistics without redirecting the traffic - would depend on what the switch (or router) can report, or detailed topology. Many WAPs will report bandwidth since connected in various forms, might be able to pull it off by SMTP or similar, but sounds like a lot of work for no gain.

Simon

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html