[CLUE-Tech] Hack attempt

Gus Huber gus at pbx.org
Mon Aug 6 18:45:40 MDT 2001


One of the easiest ways to detect most hacks is to load a new copy of 
'find' and look for files modified after the suspected incident.  
Unless the intruder is creative (i.e. kernel modifications to not
show files, libc replacements, etc.) this will probably show
up files left by the intruder.  They could also have cleaned
well and changed the times on binaries infected, but if you have
good md5 hashes of your binaries that match you should be fine.

However, most likely the 'hacker' was using one of the many
automated 'cracking tools' that also send DoS attacks.  Chances
are your system is fine, and unless it houses 'important data',
the intruder will most likely not return.


	cheers,
		gus huber <gus at pbx.org>
	- some punk kid with a bunch of routers - 


On Mon, Aug 06, 2001 at 10:37:14AM -0700, grant wrote:
> Yes, I am running the SuSE intrusion detection.  No checked files are
> changed.  PostgreSQL is available, because I use it from remote.  However,
> rather than the default security settings, I have it set to use pg_shadow
> passwords from everywhere, even local.
> 
> My biggest concern is in detection of rootkits.
> 
> ______________________________________________________________________________
> 
>                           Your mouse has moved.
>        You must restart Windows for your changes to take effect.
> 
> #!/usr/bin/perl
> print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);
> 
> 
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech
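The check Gus describes (a trusted copy of 'find' to list files modified after the suspected incident, then an MD5 manifest check of key binaries), written out as an added example that is not part of the original thread. It runs against a constructed sandbox tree so it can be exercised offline; CLEAN_BIN, the baseline.md5 manifest and the incident.ref timestamp file are assumptions of this example, not anything the poster mentioned.

```shell
#!/bin/sh
# Added example, not from the original post: list files modified after a
# reference timestamp with a trusted find(1), then verify binaries against
# an MD5 manifest taken before the incident. The sandbox below is constructed.
set -u

# Assumption: CLEAN_BIN points at known-good binaries (e.g. a read-only
# mount of install media). Empty means "use whatever is on PATH", which is
# exactly what you must NOT do on a box you suspect is rooted.
CLEAN_BIN=${CLEAN_BIN:-}
FIND=${CLEAN_BIN:+$CLEAN_BIN/}find
MD5SUM=${CLEAN_BIN:+$CLEAN_BIN/}md5sum

# List regular files under $2 whose mtime is newer than reference file $1.
# mtime is trivially forged with touch(1); ctime is not, so on GNU/BSD find
# add '-o -cnewer "$1"' to also catch files whose mtime was backdated.
files_modified_since() {
  ref=$1; dir=$2
  "$FIND" "$dir" -type f -newer "$ref"
}

# Compare every "md5  relative/path" line of manifest $2 against the file
# under root $1; print the paths whose current hash differs (or is missing).
verify_manifest() {
  root=$1; manifest=$2
  while read -r want path; do
    have=$(cd "$root" && "$MD5SUM" "$path" 2>/dev/null | awk '{print $1}')
    [ "$have" = "$want" ] || printf '%s\n' "$path"
  done < "$manifest"
}

# Constructed sandbox: two "binaries" with a pre-incident baseline, then one
# of them replaced after the incident timestamp. Prints the sandbox path.
setup_demo() {
  demo=$(mktemp -d)
  mkdir -p "$demo/bin"
  printf 'original ls\n' > "$demo/bin/ls"
  printf 'original ps\n' > "$demo/bin/ps"
  (cd "$demo" && "$MD5SUM" bin/ls bin/ps > baseline.md5)   # taken at install time
  touch -t 200108010000 "$demo/bin/ls" "$demo/bin/ps"      # pre-incident mtimes
  touch -t 200108060000 "$demo/incident.ref"               # suspected incident time
  printf 'trojaned ps\n' > "$demo/bin/ps"                  # intruder's change, mtime = now
  printf '%s\n' "$demo"
}

demo() {
  d=$(setup_demo)
  echo "== files modified after the incident =="
  files_modified_since "$d/incident.ref" "$d/bin"
  echo "== binaries whose MD5 no longer matches the baseline =="
  verify_manifest "$d" "$d/baseline.md5"
  rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then
  demo
fi
```

Run it as `sh check.sh --demo`; on a real system replace the sandbox with `/` (or the filesystems you care about), a reference file touched to the incident time, and a manifest generated from the same package set before the incident. The manifest only helps if it was stored off the box, and the find/md5sum binaries only help if they come from media the intruder never had write access to.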


