[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

What are some programs to use to trace spoofers?



ALL,

Our Primary DNS has been broken into twice in the last week.  The first
time it happened I noticed the hacker used named for means of gaining
entry.  This guy was good at hiding his/her tracks so we reinstalled the OS
and left a minimum install to see if it was done again.  We logged all
goings on from a secure remote machine.  We got the hacker's IP address and
even some of what he/she did on the box.  But the IP was spoofed.  I heard
there was a way to trace a spoofed IP ( I know tracing can't be done after
the fact).  Any ideas?  And what are some good programs out there to do so?
 There is a chance that the hacker attempted a connection to see if the box
was still up before he/she spoofed the IP.  I have logs of someone
telnetting to the box a few minutes before the actual attack with a valid
domain name.  Any ideas anyone?

Jim
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-Jim Conner						|	3100 New York Dr.
-Earthlink Network					|	Pasadena, CA 91107
-Support Operations Center		|	(626) 296-3017 or (626) 296-3018



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]