RE: [MLUG] how did they break in?

Email address obfuscation in effect -- please click here to turn it off.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: <EMAIL:PROTECTED>
Subject: RE: [MLUG] how did they break in?
From: "Deterding, Brent D" <EMAIL:PROTECTED>
Date: Tue, 8 May 2001 15:26:30 -0500
Reply-To: EMAIL:PROTECTED
Sender: EMAIL:PROTECTED
Thread-Index: AcDX+/xQDpHGJ8YtQGCif/aIsTwS9AAANwLw
Thread-Topic: [MLUG] how did they break in?

Go here:

http://www.sans.org/infosecFAQ/incident/incident_list.htm

and here:

http://www.sans.org/infosecFAQ/malicious/chkrootkit.htm

Hope these help!

-----Original Message-----
From: Mike Miller [mailto:EMAIL:PROTECTED]
Sent: Tuesday, May 08, 2001 3:20 PM
To: MLUG membership
Subject: RE: [MLUG] how did they break in?


On Tue, 8 May 2001, Deterding, Brent D wrote:

> How about unplugging it from the network

I can do that.


> dd'ing a copy of the drive,

what does that mean?


> and analyzing that with the "The Coroners Toolkit"?

Interesting.  Found it on the web.  Hadn't heard of it before.


> A tripwire DB?

Don't have it yet.


> Installed from RPM's?

Mostly no.


> This will give you the best chance of actually learning anything
> instead of just fixing it. Make sure they don't get in again . . .

Thanks.

Mike

--
To manage your subscription, go to
http://mlug.missouri.edu/members/edit.php

Archives are available at http://mlug.missouri.edu/list-archives/
--
To manage your subscription, go to http://mlug.missouri.edu/members/edit.php

Archives are available at http://mlug.missouri.edu/list-archives/

Prev by Date: RE: [MLUG] how did they break in?
Next by Date: [MLUG] Internet Hackers Alert (fwd)
Previous by thread: RE: [MLUG] how did they break in?
Next by thread: [MLUG] Internet Hackers Alert (fwd)
Index(es):
- Date
- Thread