Final Caveats

Those who are experienced in attack tracing know that tracing the source of attacks is by no means easy. Attackers usually do everything in their power to cover their tracks. One time-proven method they use is to “leapfrog” from one host to another to another. By the time an attack goes through six or seven intermediate hosts, it is very difficult to use the direct trace method, let alone the indirect trace method. We raise this point not to discourage you, but to remind you once again that when you are dealing with attacks, you must usually make a large number of decisions.

First and foremost, adhere to your organization’s policy concerning attack tracing. If the policy dictates that attacks must not be traced ...

Get Incident Response: A Strategic Guide to Handling System and Network Security Breaches now with the O’Reilly learning platform.