Date: Tue, 04 Jan 2000 16:42:01 -0500
From: G.
Subject: situation update
To: john.copeland@ece.gatech.edu
Prof. Copeland, did you get the mail with the URL for the log
files?
I got your phone message, but got a busy signal or nothing but
rings when I tried to call it. The people at CERT have not responded
to my requests for help. Apple has been of next to no help.
Your e-mail and phone call made it seem like you are interested,
so here is an update on the situation as it stands right now:
I noted that there were no hits to my firewall at all
during the timeframe of the attack. This leads me to believe that
the attack occurred on the ping/udp level, below the capabilities
of my firewall (DoorStop). It also appears that they left no footprints
on my machine; however, I am not completely positive of that.
At this point xxx is being very disagreeable (naturally). They
have told me only that the attack was made on their ... DHCP server.
They tell me that legally they do not have to answer my questions
and have invoked that right on almost every opportunity. Xx has
terminated my [cable modem] and Cable TV service and reclaimed
their hardware according to the terms of the service agreement.
Seems like "guilty until proven innocent" to me.
They say they will only consider restoring service if I implement
a solution on my end to prevent the problem from occurring again.
Only consider. What might that solution be?
In their investigation xxx determined that an attack came from
my cable modem and my machine in particular . . . and state that
I was not running MacOS9 at the time (I was). They will
not reveal the source of this information.
I have also been given a strong impression that they do not believe
that it is possible that someone else perpetrated this attack
through my computer. A xxx representative stated that due to the
fact that my roommate works as a cashier at xxx he would have
sufficient knowledge to have implemented the attack - he does
not.
They have not claimed that I/we perpetrated the attack,
have not explained anything to us and seem to be assuming we are
at fault (my roommate and I).
Is there anything I can do? As a . . . professional and student
this could potentially ruin my career and we both want very badly
to clear our names of any involvement in this attack.
Any help you might provide would be invaluable to us. Please feel
free to call me at work (xxx) or at home again (xxx) if you wish.
Thanks for your time,
G