Re: [suse-security] I have been hacked, what to do now?
Hi Markus,

Checked those files but found nothing wrong yet (used vi and mcedit). What may I expect to find there? According to the log I sent, should I suppose the 'hacker' made an entry, or are those failed tries?

Thanks
Leo

Markus Noch wrote:
hi,
Check ps, netstat, login and pstree. The one who hacked your machine replaces them to hide his intrusion. Further search for tools like dsniff. dsniff is a rootkit. Open these (ps, netstat, login and pstree) with an ASCII editor. In some cases you can see plain text.
greetz and fun,
--
Markus Noch
bsk IT Systemhaus GmbH
Tel.: +49 6241 / 94650-21
Klosterstrasse 23
67547 Worms
Network-Operation-Centre POP Worms
noc@bsk-info.de
---Home is where ever those login prompts shine !----
Just an idea: http://www.chkrootkit.org/
link works :O):_

Michael Appeldorn
Yup,

Markus: dsniff is not a root kit, nor a part of one. It's a network auditing tool kit, which of course can be abused in certain ways (sniffing, MitM attacks, etc.). More info about dsniff can be found on its home page: http://www.monkey.org/~dugsong/dsniff .

Leo: You may want to check out parts of our SuSE security FAQ on http://www.susesecurity.com/faq , see chapter "Incident Reporting".
Check ps, netstat, login and pstree. The one who hacked your machine replaces them to hide his intrusion. Further search for tools like dsniff. dsniff is a rootkit. Open these (ps, netstat, login and pstree) with an ASCII editor. In some cases you can see plain text.
greetz and fun, -- [...]
Boris ---
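Added example, not part of any poster's message: the suggestion in the thread to open ps, netstat, login and pstree in an editor and look for plain text can be done systematically by extracting the printable strings from the binary. Going one step beyond the thread, this sketch also compares them with a known-good copy of the same binary (assumed here to come from installation media). The function names, the sample bytes and the path inside them are constructed for illustration.

```python
import re
import sys

MIN_LEN = 6  # shortest printable run reported (assumed threshold)

def printable_strings(data, min_len=MIN_LEN):
    """Yield (offset, text) for each printable-ASCII run, like strings(1)."""
    run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    for m in run.finditer(data):
        yield m.start(), m.group().decode("ascii")

def new_strings(suspect, known_good, min_len=MIN_LEN):
    """Strings found in the suspect binary but not in the known-good copy."""
    good = {s for _, s in printable_strings(known_good, min_len)}
    seen, out = set(), []
    for off, s in printable_strings(suspect, min_len):
        if s not in good and s not in seen:
            seen.add(s)
            out.append((off, s))
    return out

# Constructed sample data, not taken from a real binary or a real rootkit.
GOOD = (b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8 +
        b"/proc/%d/stat\x00\x01\x02" + b"usage: ps [options]\x00")
SUSPECT = GOOD + b"\x00\x03/dev/.hidden/proclist\x00"

if __name__ == "__main__":
    if len(sys.argv) == 3:
        # usage: script.py /bin/ps /path/to/known-good/ps
        with open(sys.argv[1], "rb") as f, open(sys.argv[2], "rb") as g:
            suspect, good = f.read(), g.read()
    else:
        suspect, good = SUSPECT, GOOD
    for off, s in new_strings(suspect, good):
        print(f"0x{off:06x}  {s}")
```

Run it from a trusted environment against the mounted disk, since the tools on the affected host may themselves have been replaced. An empty result does not prove the binary is unmodified.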
participants (3)
- Boris Lorenz
- Leo Rivas
- Michael Appeldorn