> What I'd like to be able to do before I set up said firewall is
> set up a sort of packet sniffer box in between the internet and one of the 
> servers that this person is using. Hopefully to find out who they are and 
> what they are doing.

Right answer, wrong problem.

Who they are is a relayed attack through some other compromised machine
somewhere else, probably in Brazil, Pakistan, Greece, or Saudi Arabia.
That compromised machine is probably relaying data from a third machine
which in turn relays from a fourth ... etc.  You may have to involve
Interpol in a search for the real hacker, or at least CERT.

What are they doing?  Probably going around the internet seeing how
many m4ch1n3s th3y can 0wn3d l1k3 y00r s0rry 4rs3 b3cuz th3y 4r3
1337 d00d!  If you're really lucky they might actually do something
useful with your machine, like D0S M1cr0s0ft!!!

It's not worth your trouble.  Besides, who cares?

Find out how they got in.  My guess:  Because you didn't have a firewall.
End of answer.  Once you have that answer, find out how to keep them out.
I think you can guess the answer to that one.

Believe me, tracking hackers back to home base is just not worth it.
Besides, once your hacker is kicked out of his dial-up account for h4x0ring
your b0x, they'll just use one of the other 500 or so accounts they managed
to get off the phreakers' mailing lists.  If it's really important that you
track the guy down because there's some kind of industrial espionage issue
going on and you want to prosecute, then call in the experts to do it.

Del

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
