For my case... I've checked my logs (syslog, sulog, lastlog, logs in /usr,
logs in /var, etc.) and didn't find anything of suspicion.  Am I overlooking
some log file?  How are others faring in tracing the source?

Sincerely yours,


Nontakorn Roongphornchai (Jo+)
Web Advisory Co., Ltd.
Tel: 662-679-5616, 5020 x 108
Fax: 662-679-5618-9
----- Original Message -----
From: "Ng, Kenneth (US)" <[EMAIL PROTECTED]>
To: "'Joseph Spainhour'" <[EMAIL PROTECTED]>; "Jose Nazario"
<[EMAIL PROTECTED]>
Cc: "Eric Robinson" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Saturday, May 26, 2001 1:14 AM
Subject: RE: f**k USA government f**k poizonbox


> The person who defaced your web page may not have done anything more than
> that.  But HOW DO YOU KNOW HE WAS THE ONLY PERSON THAT BROKE IN?  What if
> beforehand someone broke in and left a back door? Or a time bomb?
>
> -----Original Message-----
> From: Joseph Spainhour [mailto:[EMAIL PROTECTED]]
> Sent: Friday, May 25, 2001 1:43 PM
> To: Jose Nazario
> Cc: Eric Robinson; [EMAIL PROTECTED]
> Subject: RE: f**k USA government f**k poizonbox
>
>
>
> I have to agree here. If the system is hacked, find out all you can
> about what they did, then reinstall. Either from scratch, or from a
> known good backup. It is the only way to be sure. Not taking these
> steps is only asking for trouble.
>
> Joseph
>
>  On Fri, 25 May 2001, Jose Nazario wrote:
>
> ->On Fri, 25 May 2001, Eric Robinson wrote:
> ->
> ->> Members of this list who suggest that you should reformat and
> ->> reinstall after a hacking incident are only partially correct.
> ->> Starting with a clean slate is the only way to be sure you have
> ->> eliminated your problem if you don't already know the exact nature of
> ->> the attack. In this case, we do. :-)
> ->
> ->no, you don't.
> ->
> ->if i really wanted to screw with you, i'd make all outward signs look like
> ->something else relatively benign (deface the webpage in the same fashion),
> ->but install some backdoors. as long as i was running around racking up
> ->boxes with a known exploit, i may as well have some fun with it as well.
> ->
> ->unless you have a host based integrity monitoring system, ie Tripwire,
> ->don't make any assumptions based on what you have observed using a
> ->compromised system.
> ->
> ->____________________________
> ->jose nazario      [EMAIL PROTECTED]
> ->            PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
> ->        PGP key ID 0xFD37F4E5 (pgp.mit.edu)
> ->
> ->-
> ->[To unsubscribe, send mail to [EMAIL PROTECTED] with
> ->"unsubscribe firewalls" in the body of the message.]
> ->
>
>
