Slide 4 of 70
Notes:
Confirmed activity through network traffic logs, identified account through authentication logs, checked previous incidents involving XXX through our incident tracking system.
I received a phone call at home from an ISP in California while I was playing with my kids. The ISP claimed that they had been compromised from an OSU IP address. Earlier in the day they had been in an IRC (Internet Relay Chat) conversation with someone u
I confirmed the attacks through our network traffic logs. Some quick work with our authentication logs for the modem pool revealed that the account used to authenticate belonged to a student in our medical school - an unlikely cracker. A quick look thro
Tentative conclusion: someone (not the med student) had a way to steal accounts, and was using them to gain free access to the internet through our modem pool, where they'd wreak mischief.