Re: hacked


 



Tenacious One wrote:
Hmm, don't just focus on the server, and don't do anything drastic to alert
that you're onto him/her!
Go to your perimeter devices and turn on logging like mad (routers/firewall) so you can codify events (assuming that he/she is coming from the outside). Also, on the inside, pop in a sniffer on that subnet and capture everything
- if you can't read the traffic at least you can start homing in on where
it's originating, and that might divulge what programs/services are being
hacked... START A CHAIN of events!!!! Document everything you notice and
what you do/did but try not to change the system - if it goes to court
you'll need it. Wish I could offer more but I'm not a unix/linux expert
(yet). Please keep us informed to let us know the progress.


Two cents:

If you DON'T intend to go to court, just grab a quick view of what's
going on, from where the cracker connects, dump the disks to someplace offline where you can check them later if you ever have the time/inclination, then wipe the machines and reinstall with added security precautions (SELinux, tripwire, chrooting,
etc.). Because of course the infection will be back otherwise.

If the baddie uses the servers to attack others, you might become liable.
NOT good.


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
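
The "document everything" and "dump the disks to someplace offline" advice in this thread, as an added example that is not from either poster: a shell sketch that copies a source to an image file, hashes both sides, and appends a custody record. The function names, the tab-separated log format and all paths are assumptions; it assumes GNU coreutils and a source that is not being written to during the copy (for example, the disk attached read-only to another machine or the host booted from rescue media).

```bash
#!/usr/bin/env bash
# Added example: hypothetical helpers, not part of the original thread.

# acquire_image SRC DEST LOG
# Copies SRC to DEST, hashes both, appends one tab-separated custody record:
#   UTC time, operator, source, image, sha256 of image, MATCH|MISMATCH
acquire_image() {
    ai_src=$1; ai_dest=$2; ai_log=$3
    if [ ! -r "$ai_src" ]; then
        echo "cannot read source: $ai_src" >&2; return 2
    fi
    if [ -e "$ai_dest" ]; then
        # Never overwrite an earlier image; it may already be evidence.
        echo "refusing to overwrite: $ai_dest" >&2; return 3
    fi
    ai_src_hash=$(sha256sum < "$ai_src" | cut -d' ' -f1) || return 4
    dd if="$ai_src" of="$ai_dest" bs=1M 2>/dev/null || return 4
    ai_img_hash=$(sha256sum < "$ai_dest" | cut -d' ' -f1) || return 4
    chmod a-w "$ai_dest"    # guard against accidental modification
    if [ "$ai_src_hash" = "$ai_img_hash" ]; then
        ai_result=MATCH
    else
        ai_result=MISMATCH  # source changed during the copy, or a read error
    fi
    printf '%s\t%s\t%s\t%s\t%s\t%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(id -un)" \
        "$ai_src" "$ai_dest" "$ai_img_hash" "$ai_result" >> "$ai_log"
    [ "$ai_result" = MATCH ]
}

# verify_image IMAGE LOG
# Succeeds only if IMAGE still hashes to the most recent value logged for it.
verify_image() {
    vi_img=$1; vi_log=$2
    vi_logged=$(awk -F'\t' -v p="$vi_img" '$4 == p { h = $5 } END { print h }' "$vi_log")
    vi_now=$(sha256sum < "$vi_img" | cut -d' ' -f1)
    [ -n "$vi_logged" ] && [ "$vi_logged" = "$vi_now" ]
}

# Stand-alone use: script.sh SRC DEST LOG
if [ "$#" -eq 3 ]; then
    acquire_image "$@"
fi
```

Keep the custody log and the image on separate media from the compromised host, and run `verify_image` again before any later analysis.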
