On Mon, 06 Nov 2000 21:17:21 CST, Phil Brutsche writes:
>> The syslog is probably the best place to find how he got into your
>> system. But it might have been tampered with. If you think it's a
>> fairly recent attack, look around your directories a bit with an `ls
>> -lart` to show all recently
On Mon, 6 Nov 2000, Chewie wrote:
> Here's a little known trick for a very minimalistic intrusion
> detection hack. Debian installs a file called .md5sums in
> the directory /var/lib/dpkg/info/. If you move yourself to the root
> parition:
>
> bash$ cd /
>
> And run md5sum -c on the pack
On Mon, Nov 06, 2000 at 04:43:13PM +0800, Livia Admin wrote:
> ey guys.. pls reply to my real email add cause i'm not in the lists
>
> i think i'm compromised. cause when i do netstat i see a telnet
> connection established to my box for almost 1 hour. i do ps but see
> only 'in.telnetd'. is ther
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
A long time ago, in a galaxy far, far way, someone said...
> A lot depends on whether you want to watch/trace/prosecute/learn
> from/annoy him, or if you just want him off your system.
>
> What I would do (since I like to do learn from the intrusions)
On Mon, 6 Nov 2000, Livia Admin wrote:
> ey guys.. pls reply to my real email add cause i'm not in the lists
>
> i think i'm compromised. cause when i do netstat i see a telnet
> connection established to my box for almost 1 hour. i do ps but see
> only 'in.telnetd'. is there any way that i will
ey guys.. pls reply to my real email add cause i'm not in the lists
i think i'm compromised. cause when i do netstat i see a telnet connection
established to my box for almost 1 hour. i do ps but see only 'in.telnetd'. is
there any way that i will know what he is doing before i'll disconnect him
6 matches
Mail list logo
