Jamey Poirier wrote:
> I would like to know how you can determine when you have been hacked?
> My system was hacked once before and I managed to discover this by noticing
> a lot of IRC traffic originating from my machine, and some hidden
> directories, but I don't really know of a reliable way to discover if you
> have been hacked.
> Right now I am running RedHat 6.2, and using IPCHAINS, and it seems that
> there is almost a continuous stream of attempted attacks. How do I
> determine if they have been successful? I would also like to be able to
> retaliate.
>
> -----Original Message-----
> From: Robert W. Fowler [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, September 19, 2000 8:55 PM
> To: GNHLUG; Thomas Charron
> Subject: Re: Hacked. Reporting?
>
> well ive had a few machines hacked in the near past, and ive even got
> a 30 page log file of what the little F _ _ _er did and what he was
> doing , i would have loved to have had the chance to monitor the
> traffic but Vitts networks cut the connection before i could use a
> traffic
> sniffer. but of well maybe next time .... Rob F.
> PS. id love to pool info like this to setup Traps for little Sh_ _
> Heads like this ...
>
Try looking up Tripwire for linux.
They allow one free instance to be downloaded (honor system)
It takes a highly detailed snapshot of your system (like a firewall) at
build time.
If anything changes after that it will tell you what changed , who changed it
and how to fix it.
Nice overall package and at the price its a real deal
Rob Yelle
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
