hi robert

it's not good that your pc was hacked..etc...

if you didn't save your log files...before they erased it.. it's lots harder
to track your "friends"

if you didn't record the network activity as soon as you unplugged your
hacked machine to see where they are coming from and trying to
re-connect to your hacked machine... again it's hard to track down

if you want to track down hackers.. you might wanna prepare your
servers and network for them to attack those honeypots while
keeping all your main data and servers securely monitored
behind a very secure network and network policy

if this happened 2 months back... and have not seen any
recurrence, consider yourself lucky... esp if there was no data loss

if it is a university, call your local FBI office or local computer
crime dept of your local police dept and they'd help track down
the hacker...
- they esp like it when the damages are in excess of $10K or was
it $15K when it gets their attention

have fun
alvin
http://www.Linux-Sec.net/Tracking
On Sun, 6 Jan 2002 [EMAIL PROTECTED] wrote:
> My background is not computer security, but mathematics, and I was wondering if I
>might be humbly allowed to ask a question:
>
> Last summer my PC was attacked by a malicious hacker who used a Trojan Horse
>NetBus. My Norton Personal Firewall alerted me about all five attacks, but I
>panicked, shut down and rebooted, but by doing that, somehow the malicious hacker got
>my username and password and even my email address (all replaced). He even took over
>my Norton firewall somehow and shut me out so that I could not reconfigure it or even
>do anything at all in my MSDOS screen to find mysterious or renamed Windows files. I
>was terrified that somehow this malicious hacker would get into the computer network
>at the university I am affiliated with. Incidentally, two months ago a hacker got
>into the Apple computer of one of the professors in the Mathematics Department. I
>learned after he gave me a research paper to read, because there was a computer
>technician there working on his PC to help him reinstall his backed up files.
>
> I know hackers use what is known as "spoofing" IP addresses. But in spite of that I
>was wondering is there any way law enforcement experts or computer security
>specialists can trace a hacker's whereabouts? Some years back there were several
>Scientific American articles in one issue on these matters, that is, firewalls,
>malicious hackers, attacks on networks, denial of service attacks, etc. But I could
>not follow very well the peculiar, nearly "fictional narrative" one of the
>contributors to these Scientific American articles gave to show how the network
>administrator and the FBI caught the fictitious hacker in the article.
>
> If there presently is no way at all for someone in authority, network
>administrators, or computer security specialists to locate a hacker's whereabouts,
>then perhaps research should best be focused in this area.
>
> Incidentally someone posted some information about the Diffie-Hellman algorithm
>(actually called in Number Theory a certain kind of exponentiation cipher), saying
>that the keys are found by using elements of a finite group (a finite field,
>actually), which is quite true.
>
> Suppose parties A and B want a common key. Then if they use a cryptosystem like DES,
>they take two elements h and k from that finite field, multiply them together, then
>raise the integer b to the power hk, or b^hk. This is the common key, and A sends b^h
>to B, B sends b^k to A, and both are able to decipher the encrypted messages. Usually
>the integers h and k are very large prime numbers, too large for a malicious hacker
>to guess.
>
> Thanking you for your patience in advance,
>
> Robert Betts
>
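
The exchange described in the quoted message (A sends b^h, B sends b^k, both arrive at b^hk), as an added example that is not part of the original thread. The modulus `P`, the base `B` and all function names are assumptions chosen for the demo; `P` is far too small for real use, where a standardized group of 2048 bits or more is used.

```python
import hashlib
import secrets

# Assumption for this demo: the Mersenne prime 2**127 - 1 as the modulus.
# Demonstration-sized only; it is far too small to protect real traffic.
P = 2**127 - 1
B = 3  # public base, the "b" of the message (assumed value)


def private_exponent():
    """Draw a secret exponent (the h or k of the message) from [2, P-2]."""
    return 2 + secrets.randbelow(P - 3)


def public_value(secret):
    """The value that travels over the wire: b^h mod p (or b^k mod p)."""
    return pow(B, secret, P)


def check_peer_value(value):
    """Reject degenerate values (0, 1, p-1, out of range).

    Accepting them would force the shared secret into a tiny, guessable set.
    """
    if not 2 <= value <= P - 2:
        raise ValueError("peer public value out of range")
    return value


def shared_key(own_secret, peer_value):
    """(b^k)^h = b^(hk) mod p, hashed down to a 256-bit symmetric key."""
    s = pow(check_peer_value(peer_value), own_secret, P)
    return hashlib.sha256(s.to_bytes(16, "big")).digest()


def run_exchange():
    """Both sides of one exchange; returns (key at A, key at B)."""
    h = private_exponent()      # known only to A
    k = private_exponent()      # known only to B
    a_sends = public_value(h)   # A -> B, visible to an eavesdropper
    b_sends = public_value(k)   # B -> A, visible to an eavesdropper
    return shared_key(h, b_sends), shared_key(k, a_sends)


if __name__ == "__main__":
    key_a, key_b = run_exchange()
    print("keys match:", key_a == key_b)
```

Only `b^h` and `b^k` cross the network; `h`, `k` and `b^hk` never do. The exchange by itself does not authenticate either party.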
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls