honeynet's immense work at : www.honeynet.org
Yes tripwire or aide is what you need for sure.
As far as the files are concerned, mostly the files used for routine admin purpose are
changed by intruders.
If you look at major rootkits, they mostly replace the following files:
ps
ls
w
/bin/login
s
What you are asking for is impossible. The exploits are discovered and
passed around all the time...
What you should consider is a file integrity assessment application. We use
Tripwire and it is good. The docs are available from the files area on their
sourceforge website.
That, plus a well co
Can anybody point me to a list or email me a list of the files on a redhat
system that are the files that hackers would replace if they got
in. Basically, I want to be able to restore these files easily if I ever
need to. If I have a list of them that I can back up, then it would be
easier t
EMAIL PROTECTED]]
Sent: Friday, May 03, 2002 9:24 AM
To: [EMAIL PROTECTED]
Subject: Re: How can I take action on the hacker if I manager to get his IP
address
I downloaded and ran the nmap program on one all of my servers. Does the
"shell" really need to be on? I noticed that only on
se, thanks for your help"...
> >Jim.
> >
> >- Original Message -
> >From: "Tsing Moh Lim" <[EMAIL PROTECTED]>
> >To: <[EMAIL PROTECTED]>
> >Sent: Friday, May 03, 2002 2:26 AM
> >Subject: How can I take action on the hacker
inal Message -
>From: "Tsing Moh Lim" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Friday, May 03, 2002 2:26 AM
>Subject: How can I take action on the hacker if I manager to get his IP
>address
>
>
>> My server was hacked and I managed to ca
hanks for your help"...
Jim.
- Original Message -
From: "Tsing Moh Lim" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, May 03, 2002 2:26 AM
Subject: How can I take action on the hacker if I manager to get his IP
address
> My server was hacked and I man
My server was hacked and I managed to capture the IP address with date and time
on a remote logging system.
How can I take action against him or warn him?
Is there a tool that I could use to check on my server vulnerability?
Thanks and regards
Moke
__
%-> A recent popular method of gaining root access to some
%-> networked machines
%-> involved exploitation of the NXT record buffer overflow in
%-> BIND; it became
%-> so popular in later March that CERT put out a new advisory on
%-> the problem
%-> which had been the subject of an advisory last
deny
> ie: 60400:ALL
>
>
> > -Original Message-
> > From: Brad [SMTP:[EMAIL PROTECTED]]
> > Sent: Sunday, May 14, 2000 9:07 PM
> > To: [EMAIL PROTECTED]
> > Subject:there's a hacker!
> >
> > Dear all,
> > I am a newb
1 0 Mar 21 ?0:04 ftp mew.tcs
> root 7439 7419 0 08:42:13 pts/70:00 /usr/bin/ps -ef
> root 7417 135 0 08:12:59 ?0:00 in.telnetd
>ccchu 4607 1 0 Mar 15 ? 0:00 fs
> guest 7419 7417
Message-
> From: Brad [SMTP:[EMAIL PROTECTED]]
> Sent: Sunday, May 14, 2000 9:07 PM
> To: [EMAIL PROTECTED]
> Subject: there's a hacker!
>
> Dear all,
> I am a newbie as an administrator of company's workstations.
> Now I find (use "netstat") someone us
2:18 sim.v2
Does anybody know how I can find the hacker ps, and stop
it?
thanks a lot.
Brad
--
Brad Chun
[EMAIL PROTECTED]
"The best way to esca
The hacker wanted to exploit the bind security hole. See the CERT info
at:
http://www.cert.org/current/current_activity.html#bind
This exploit is being used to break into linux boxes. I had one cracked
last week. That taught me to keep the patches current. Make sure you
have the latest bind
I downloaded ippl, basically logs all tcp, udp
connections. Looking at the log today I see this
entry-
Jan 29 12:25:48 domain connection attempt from
[EMAIL PROTECTED] [216.0.222.7]
(216.0.222.7:4749->my-ip-address:53)
Jan 29 12:33:41 port 113 connection attempt from
ns.pfsfhq.com [216.0.222.7]
]>, "Wellington
> >> Terumi Uemura"
> >> writes:
> >> > Considering the security of my server (RedHat6.1), and the every Linux
> >> > community, I talk to a big friend of mine (a hacker) to try to hack my
> >> > system, to test the server
"
>> writes:
>> > Considering the security of my server (RedHat6.1), and the every Linux
>> > community, I talk to a big friend of mine (a hacker) to try to hack my
>> > system, to test the server and see how the server responds to that kind of
>> [snip]
>>
Look into the PIX firewall by Cisco.
fred
> Date: Sun, 21 Nov 1999 20:31:44 PST
> From: "Wellington Terumi Uemura" <[EMAIL PROTECTED]>
> To:[EMAIL PROTECTED]
> Subject: Re: Hacker Attack *help* thanks every one!!!
>
Gustav Schaffter wrote:
>
> Cokey,
>
> Where could I find more info on the Linux Router Project?
>
> Best regards
> Gustav
>
> Cokey de Percin wrote:
>
> > If you happen to have an old 386/40 or better with 16M of ram or
> > more (no hard drive, video or keyboard needed), you might want to
>
Bob Taylor wrote:
>
> In message <[EMAIL PROTECTED]>, "Wellington
> Terumi Uemura"
> writes:
> > Considering the security of my server (RedHat6.1), and the every Linux
> > community, I talk to a big friend of mine (a hacker) to try to hack my
> > si
Cokey,
Where could I find more info on the Linux Router Project?
Best regards
Gustav
Cokey de Percin wrote:
> If you happen to have an old 386/40 or better with 16M of ram or
> more (no hard drive, video or keyboard needed), you might want to
> look at the Linux Router Project. It works very
Thank you guys for the tips and recommendations :) Got to make my sys more
secure now, bye
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
Juha Saarinen wrote:
>
> Wellington,
>
> First, that Web site has trojanised binaries on it (it's mostly Windows
> stuff). Don't download anything from there.
>
> Second, install a commercial-grade firewall, if you're worried about
> security. There's a security advisory document over at the Li
lington Terumi Uemura [mailto:[EMAIL PROTECTED]]
> Sent: Monday, 22 November 1999 12:34
> To: [EMAIL PROTECTED]
> Subject: Hacker Attack *help*
>
>
On Sun, Nov 21, 1999 at 03:33:52PM -0800, Wellington Terumi Uemura wrote:
: 1 - How can we (linux community) make ftp, telnet and mail server not
: respond to a brute force attack? Like, give "3" chances for logins and
: passwords for all services.
If you're really serious, I'd start by doing t
In message <[EMAIL PROTECTED]>, "Wellington
Terumi Uemura"
writes:
> Considering the security of my server (RedHat6.1), and the every Linux
> community, I talk to a big friend of mine (a hacker) to try to hack my
> system, to test the server and see how the serve
Considering the security of my server (RedHat6.1), and the every Linux
community, I talk to a big friend of mine (a hacker) to try to hack my
system, to test the server and see how the server responds to that kind of
attack. I've set the most mix of words and numbers, like U7sxY4sF6 to be the
Chris,
>based access, everyone can still get to your pages) this is ftp, telnet,
since I need access to my own server from different servers, I cannot limit
access by host number. Is there an alternative solution?
Marcantonio
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LI
>
> How did you get that information? What command did you use?
rpm -q bind
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
To unsubscribe: mail [EMAIL PROTECTED] with
How did you get that information? What command did you use?
__
Alfonso Barreto Lopez Inst. de Inv. de Matematicas U.N.A.M
[EMAIL PROTECTED]
> I would agree with this assessment. Check your BIND first, it's the
> biggest hole that hackers are using these days. RedHat had an RPM for
> the BIND vulnerability, but it seems the description had downplayed the
> importance of the upgrade.
I think that was my problem. I still had the old
> stuff they find on the net. Another precaution is to go through your secure
> log and look for servers you don't normally see access your server. The
> more persistent hackers require you to check your logs normally (which you
> should be doing anyway) if you can trace a hacker bac
[EMAIL PROTECTED] wrote:
>
> I had the following messages on my daily report for one of my web servers
> today:
>
> Checking Packages...
> changes from previous run...
> ---
[snip]
> > SM5. /usr/sbin/in.rshd
> 118a128
> > SM5. /bin/login
> ---
>
> I assume this means I have been h
see access your server. The
more persistent hackers require you to check your logs normally (which you
should be doing anyway) if you can trace a hacker back to where they came
from call the ISP and the FBI.
Chris
-Original Message-
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
I had the following messages on my daily report for one of my web servers
today:
Checking Packages...
changes from previous run...
---
1a2
> ..5. /usr/sbin/smbd
15a17,18
> ..5. /usr/sbin/imapd
> S.5..UG. /usr/sbin/named
18c21
< ...T c /var/log/mars_nwe.log
---
> S.5T c /var/
On Fri, 08 May 1998, Patrick T. Berry wrote:
>One thing we would really like is a Lisp to Perl translator so we could run
>Autocad R14 on Linux. Unless someone out there knows how it can be done now.
>I am so tired of Win95 crashing! You know we
>would pay for the program. You could make a
happen? How to contact other linux developer?
>
> Read Eric Raymond's 'How to become a Hacker':
>
> http://sagan.earthspace.net/~esr/faqs/hacker-howto.html
...message snipped for brevity...
> happen? How to contact other linux developer?
Read Eric Raymond's 'How to become a Hacker':
http://sagan.earthspace.net/~esr/faqs/hacker-howto.html
And find something you like to do, not something that needs to be done.
Spend some time configuring your work environment so its co
Well, first of all, "hacker" in the old sense.
Anyway, I joined this community for about a year. I was pretty much
a very "lite" linux user, until I start reading this mailing list.
Maybe this is a little bit off topic, but I was wondering how to
writing codes and
39 matches