Mailinglist Archive: opensuse-security (757 mails)

Re: [suse-security] I have been hacked: who to contact
  • From: JW <jw@xxxxxxxxxxxxxxxxxx>
  • Date: Fri, 18 Jan 2002 11:19:01 -0600
  • Message-id: <5.1.0.14.0.20020118111546.024f5338@xxxxxxxxxxxxxxxxxxxxxxx>

1. Get that computer disconnected from any network immediately - especially from the Internet
2. Do not do anything with it. If you mess around with the computer you can't use the hard drive's contents to prove anything in court because there's the possibility that you "tampered with the evidence"
3. I suggest using dd to make an image of the disk on a second hard drive. Then do your investigating on the image.
4. Consult a Swiss security expert or agency. Or maybe the Swiss police would know who to contact.

At 08:34 AM 1/18/2002 -0800, you wrote:
>Dear Admins
>
>Our server has been hacked a few weeks ago (sshd
>1.2.27 crc32
>compensation attack/rootkit installed/visa- and
>mastercard scanned/irc
>relay installed/own sshd installed/ssh attack from
>tw/irc and logins
>from ro/lan sniffer installed/collected data sent to
>yahoo mail
>address).
>
>As we are located in Switzerland, we do not have FBI
>or CIA to handle
>this.
>
>Who should I contact:
>police, CERT@xxxxxxxxx, federal bureau of computer
>crime (if it exists?)
>
>How do you handle hacker attacks: after cleaning your
>computers you fall
>back into normal operation or do you have the
>government/big boss/...
>informed?
>
>How should I react on this attack?
>
>I hope somebody has already made some experience with
>Swiss laws.
>
>Yours
>
>Andreas (genesis_xix@xxxxxxxxx)
>

----------------------------------------------------
Jonathan Wilson
System Administrator

Cedar Creek Software http://www.cedarcreeksoftware.com
Central Texas IT http://www.centraltexasit.com
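
The dd imaging step suggested in the reply above, as an added example that is not part of the original mail: it copies a source disk to an image file, hashes both sides, and records the digest so the copy can later be shown to match. The function name `image_disk`, the 64k block size and the `.sha256` / `.dd.log` file names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original mail): image a disk with dd and
# record a SHA-256 digest so the image can be checked against the source.
# Usage: image_disk SOURCE IMAGE
#   SOURCE: the suspect disk, attached to a separate analysis machine
#   IMAGE:  a new file on the second hard drive (never overwritten)
image_disk() {
    src=$1
    img=$2

    if [ ! -r "$src" ]; then
        echo "cannot read source: $src" >&2
        return 2
    fi
    if [ -e "$img" ]; then
        echo "refusing to overwrite existing image: $img" >&2
        return 2
    fi

    # Digest of the source as it is before the copy.
    src_hash=$(sha256sum < "$src" | cut -d' ' -f1) || return 1

    # noerror: keep going past unreadable sectors.
    # sync:    pad short or failed reads with zeros so offsets stay aligned.
    # dd's transfer statistics are kept next to the image as a record.
    dd if="$src" of="$img" bs=64k conv=noerror,sync 2>"$img.dd.log" || return 1

    img_hash=$(sha256sum < "$img" | cut -d' ' -f1) || return 1

    # Store the digest in sha256sum's own format ("sha256sum -c" reads it)
    # and drop write permission so later analysis cannot alter the files.
    printf '%s  %s\n' "$img_hash" "$(basename "$img")" > "$img.sha256"
    chmod a-w "$img" "$img.sha256"

    if [ "$src_hash" = "$img_hash" ]; then
        echo "image verified: $img_hash"
        return 0
    fi
    # Expected when sectors were unreadable and zero-padded; see the dd log.
    echo "digest mismatch: source $src_hash, image $img_hash" >&2
    return 1
}
```

Investigation then happens on a working copy of the image, for instance loop-mounted read-only, while the verified original image and its digest file stay untouched.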

