Hello,

Yesterday morning (Saturday), a toyOS^Wlinux server I am "co-administering" was cracked using a kernel exploit. According to the system and security update logs, it should have been safe (patched) against this threat, but it seems the "online update" thing had a problem.

Well, that is not the point of my post: the cracker/script kiddie has left many clues on the server, and according to several logs I believe his IP is 200.158.156.249, from Brazil:

    inetnum:     200.158.128/18
    aut-num:     AS27699
    abuse-c:     ABL226
    owner:       TELECOMUNICACOES DE SAO PAULO S.A. - TELESP
    ownerid:     002.558.157/0001-62
    responsible: Paulo Arthur Juliano
    address:     Av. Paulista, 2300, 19º andar
    address:     01310-300 - Sao Paulo - SP

(at least the IP which has been used to do the attacks... that may of course be a kind of gateway or anything)

He defaced all the homepages running on that server with some stupid text, which caused much trouble and ruined the day of some people (incl. mine, but backups were up to date so it helped a lot :-).

Now, the server owner would like to do something (legal) against the cracker: I guess that is quite difficult, but what do you think: is there *any* way to prosecute him? First by getting his name from the provider, and then via fedpol/interpol? Have you done that before?

Thanks in advance for your feedback & regards,
Olivier

----------------------------------------------
[EMAIL PROTECTED]
Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
