Jamey Poirier wrote:
> I would like to know how you can determine when you have been hacked?
> My system was hacked once before and I managed to discover this by noticing
> a lot of IRC traffic originating from my machine, and some hidden
> directories, but I don't really know of a reliable way to discover if you
> have been hacked.
> Right now I am running RedHat 6.2, and using IPCHAINS, and it seems that
> there is almost a continuous stream of attempted attacks. How do I
> determine if they have been successful? I would also like to be able to
> retaliate.
>
Jamey,
Check out Tripwire: http://www.tripwire.com/downloads/
If you use it as a single instance and refrain from installing it on all
your company's machines (like only the firewall), it is free.
After you build a machine, Tripwire takes a "snapshot" of everything (not just
file size but a byte-for-byte snapshot).
Tripwire then senses any deviation (hack) and will inform you what has been
altered and how to fix it.
There is much more to Tripwire than what a quick mail message can explain...
I merely point out that it is one possible answer to your question.
Rob Yelle
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************