[SunHELP] Tracking Hacker ?
Brian Hechinger
sunhelp at sunhelp.org
Wed Apr 25 10:19:14 CDT 2001
> I didn't - I think it's because the other guy who has root said I was to
> paranoid and told me to keep telnet open ?
when you are talking network security the words "too paranoid" mean "doing
your job right" there are no exceptions.
> Someone at work runs a packet analyzer (sniffer). With telnet (ie:
> rapeme_im_stupid) running and someone rooting from the Internet you are wide
> open.
and here is an example of why i made my previous comment.
> They don't appear very sophisticated if they didn't modify the file access time
> for motd.
not entirely true, see below.
> Run SSH exclusively and your console traffic will be reasonably
> secure. You should even run SSH on your routers (Cisco supports SSH, maybe
> others do too).
and please dis-allow root to login with ssh. i don't know WHY it's set to
allow root to connect with ssh by default, but it _REALLY_ shouldn't be.
> I'll keep lookin' around perhaps looking for all / any files modified on
> "Apr 24" at 18:52 or so.. Otherwise, from the looks of it, the ONLY file I
> see that were touched so far were /etc/motd, /var/adm/messages and the
> wtmp or utmp files I assume since there is nothing in "last" ...
keep in mind this could be mis-direction. there is a good chance these things
happened at a completely different time. not a huge chance, unless the hacker
was good, and from the lack of destruction, i would say there is a good chance
he's not some brain-dead cracker. hackers tend to be more methodical. since
it isn't about destroying your system, it's about getting in undetected, and
covering one's trail. not that any of this really matters at this point, but
it's just stuff to think about.
i'm rambling and getting away from my point, which is: /etc/motd is modified
"Apr 24" at 18:52, but /bin/ls is modified at another time, that you overlook
since you are concentrating on "Apr 24" at 18:52. as an example.
cheers,
-brian
More information about the SunHELP
mailing list