How to catch a cracker in the US?

Jimmy Hess mysidia at
Thu Mar 13 05:52:19 UTC 2014

On Tue, Mar 11, 2014 at 2:00 AM, Markus <universe at> wrote:

> Hi,

Your goal should be to keep together and preserve all the
evidence/documentation you have: make sure you have and can verify the
authenticity and chain of custody for all relevant materials that you say
evidence attacks and their source, including your "trap" and how that
works, and how it proves the apparent source/origin, contact the local

By the way, without surveillance of the source network, it is really quite
impossible to 100% prove that a given IP address is not running a bot and
not being used as a proxy or traffic relay.

This does not necessarily preclude contacting Comcast as well, to request
they preserve records.

> I'm an ISP in Germany and a cracker (not a hacker :) ) has targeted a
> customer of mine in the last days. The cracker was successful and caused
> financial damage / was successful with data theft. I set a trap and finally
> caught his real IP address - a Comcast user in the US (100% not a proxy or
> bot). What would be the next steps to pursue him? If I contact local
> authorities here in Germany I'm afraid months will pass by and Comcast will
> have possibly already deleted their logs by then (?). Any advice?
> Thank you!
> Markus


More information about the NANOG mailing list