
Re: What to do about cracker?



Hi Mike,

Sorry to hear that someone did a bad (crime!) thing to you.
I am puzzling over this kind of incident myself. But can you tell
me how that can happen?

Is your server a Web server? Was the cracker just a Web visitor?
Or did the cracker dial into your server via a modem?

Just trying to understand.

Thanks!
Philip
 
 
> While I was away on vacation, someone broke into our Redhat 5.0 server
> via an imap attack. I have a record of most of what he did
> (partially thanks to dumpfs and the Linux undelete faq), and
> after talking to a couple other administrators, I've managed to come up
> with the probable individual's name, address and telephone number in
> Florida.
>
> However, the police here in Canada say that probably nothing will ever
> come of it since it would be pretty expensive to prosecute - probably more
> than our small company can afford, especially given the distances and time
> involved.  We also called local police in the US and the FBI, but they
> point us back to the RCMP here.  I seriously doubt that the RCMP have the
> resources to deal with this sort of thing.
>
> Does anyone know of any other organizations that might be able to help us
> or have any other advice?  Never having dealt with this sort of thing
> before, I'm not sure what our next step should be.  Any ideas would be
> much appreciated.
>
> Anyway, this was quite an eye-opener for me; I was pretty shocked to look
> at the data files the attacker was using where huge numbers of IP
> addresses were being scanned for possible weaknesses.  Number 1 on the
> list of weaknesses was the imapd bug in RedHat 5.0, and he uncovered
> hundreds of these machines.  (Yikes!)  Once he gained access (and set up
> an IRC bot), he commenced attacking other servers with various programs,
> such as 'smurf'....
>
> I guess the lesson here is "keep up to date and download those security
> patches".
>
> -Mike
> 

