Re: Machine hacked !
- From: "Darren R. Weber" <weberdr bellsouth net>
- To: redhat-list redhat com, Ashley Thomas <athomas unity ncsu edu>
- Subject: Re: Machine hacked !
- Date: Sat, 1 Sep 2001 16:40:58 -0400
On Friday 31 August 2001 14:20, Ashley Thomas wrote:
> What if a Linux machine is hacked?
> How do we detect it? Or make sure it is hacked in fact.
> I guess: ps, top, tcpdump etc. can be helpful.
>
> any pointers ?
>
> Ashley Thomas wrote:
> > If a Windows machine is hacked/has some virus, how do we analyse the
> > situation and take appropriate steps?
> >
> > The question is very vague but could you suggest some 'basic' steps
> > that anyone could do in such a case.
> >
> > thanks
> > ashley
>
Well, I don't know what to tell you if you don't have any info on how they got
in or what was done, other than to carefully check log files and maybe do a
search on your filesystem based on the creation date to see if you can find
what has been changed.

If you want to prevent this sort of thing, though, I have a suggestion. We
recently started running Snort on our network at work and using the ACID
analysis tool... very cool stuff!! We did it to track down the machines
that were trying to infect Windows boxes with Code Red. We not only
pinpointed the infected machines but were amazed to find other machines
sending out all sorts of bad stuff... and god help anyone who runs an
unauthorized scan... we'll have them caught in minutes!!

Good luck
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Darren R. Weber
weberdr bellsouth net
ICQ# 2849193
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
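
An added example, not part of the original message: one way to do the filesystem search by date that the reply suggests, written for Linux. It checks both modification time (mtime) and inode change time (ctime), because a file whose mtime has been reset still carries a fresh ctime; the function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile
import time


def changed_since(root, cutoff):
    """Return sorted (relative_path, reason) pairs for files changed at or after cutoff."""
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            except OSError:
                continue  # vanished or unreadable; skip
            if not stat.S_ISREG(st.st_mode):
                continue
            rel = os.path.relpath(path, root)
            if st.st_mtime >= cutoff:
                hits.append((rel, "mtime"))  # contents written inside the window
            elif st.st_ctime >= cutoff:
                # Inode changed (chmod, chown, rename, mtime reset) while mtime says
                # "old". Package installs look the same, so review rather than assume.
                hits.append((rel, "ctime-only"))
    return sorted(hits)


def build_sample_tree():
    """Create a constructed demo tree; return (root, cutoff in epoch seconds)."""
    root = tempfile.mkdtemp(prefix="triage-demo-")
    for name in ("untouched.conf", "edited.conf", "backdated.bin"):
        with open(os.path.join(root, name), "w") as fh:
            fh.write("constructed sample\n")
    time.sleep(1.1)  # stay clear of coarse filesystem timestamp granularity
    cutoff = time.time()
    time.sleep(1.1)
    for name in ("edited.conf", "backdated.bin"):
        with open(os.path.join(root, name), "a") as fh:
            fh.write("changed after cutoff\n")
    month_ago = cutoff - 30 * 86400
    os.utime(os.path.join(root, "backdated.bin"), (month_ago, month_ago))
    return root, cutoff


if __name__ == "__main__":
    root, cutoff = build_sample_tree()
    for path, reason in changed_since(root, cutoff):
        print(f"{reason:10} {path}")
```

On a real system, point `changed_since` at directories such as `/etc` or `/usr/bin` with a cutoff just before the suspected intrusion, ideally from trusted boot media with the disk mounted read-only.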