On Fri, 17 Sep 1999 gbruchhaus@makrolog.de wrote:
Ya, I did it, but rr.com seems to be a big provider in US, so the cracker could hide his attack in the dynamic IP-Adress
Normally it should be possible for a provider to identify his client by IP-adress, date and time. Peter
rr.com (RoadRunner) is a cable system ISP. They provide access on cable TV networks here in the U.S. Although the IPs are dynamic they change very rarely. ISPs are required to keep connection logs here in the U.S. rr.com does not offer dial up so it should be very easy to track. Cable modems are a high source of abuse. If the legitimate person on the network was not directly responsible for the attack he/she has allowed a malicious person to use their connection by have a poorly administered machine or by using some stupid program like wingate that is improperly installed/configured. I recommend denying all traffic from *rr.com and *home.com. Too many children with high speed access that have nothing better to do than break into your machines. Mario