Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] I have been hacked, what to do now?
  • From: Leo Rivas <leorivas@xxxxxxxxx>
  • Date: Thu, 17 Jan 2002 11:51:03 -0400
  • Message-id: <3C46F2E7.72B449FE@xxxxxxxxx>
Hi Markus
Checked that files but found nothing wrong yet (used vi and mcedit), what may I expect to find there?...
according to the log i sent, should y suppose the 'hacker' made an enter or are those failed tries?

Thanks
Leo


Markus Noch wrote:

> hi,
>
> check ps,netstat,login and pstree . the one who hacked your machine replaces them to hide his intrusion.
> further search for tools like dsniff. dsniff is a rootkit.
> open this one`s ( ps,netstat,login and pstree ) with an asci editor. in some cases you can
> see plain text.
>
> greetz and fun,
> --
> -----------------------------------------------------
> Markus Noch
> bsk IT Systemhaus GmbH
> .-. Tel.: +49 6241 / 94650-21
> /v\ Klosterstrasse 23
> // \\ 67547 Worms
> /( )\
> ^^-^^
> _ _ _ _ ___ ____
> | |__ ___| | __ | \ | |/ _ \ / ___|
> | '_ \/ __| |/ /____| \| | | | | |
> | |_) \__ \ <_____| |\ | |_| | |___
> |_.__/|___/_|\_\ |_| \_|\___/ \____|
> Network-Operation-Centre POP Worms
> noc@xxxxxxxxxxx
> ---Home is where ever those login prompts shine !----
>


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com


< Previous Next >
This Thread
References