
Re: hacked



Tenacious One wrote:
Hmm, don't just focus on the server, and don't do anything drastic to alert
them that you're onto him/her!
Go to your perimeter devices and turn on logging like mad (routers/firewall)
so you can codify events (assuming that he/she is coming from the outside).
Also, on the inside, pop in a sniffer on that subnet and capture everything
- if you can't read the traffic at least you can start homing in on where
it's originating, and that might divulge what programs/services are being
hacked... START A CHAIN OF EVENTS!!!! Document everything you notice and
what you do/did, but try not to change the system - if it goes to court
you'll need it. Wish I could offer more but I'm not a unix/linux expert
(yet). Please keep us informed to let us know the progress.


Two cents:

If you DON'T intend to go to court, just grab a quick view of what's
going on and from where the cracker connects, dump the disks to someplace
offline where you can check them later if you ever have the time/inclination,
then wipe the machines and reinstall with added security precautions (SELinux,
tripwire, chrooting etc.), because of course the infection will be back otherwise.

If the baddie uses the servers to attack others, you might become liable.
NOT good.


