Mailinglist Archive: opensuse-security (220 mails)

< Previous Next >
Re: [suse-security] Intrusion
  • From: David Smith <David.Smith@xxxxxxxxxxxxxxxxxxxx>
  • Date: Mon, 24 Nov 2003 20:16:28 +0000
  • Message-id: <200311242016.28820.David.Smith@xxxxxxxxxxxxxxxxxxxx>
On Monday 24 November 2003 16:37, Antun Balaz wrote:
> Thanks to all. By the way, searching the Internet (by Google) looking for
> rootkit that was used on my machine, I found this site
>
> http://www.hackemate.com.ar/
>
> which is full of useful material for hackers. Can we do something about
> it?

You could email the site's ISP, to try to get it closed down. Running
traceroute on that address goes back to a machine called
"ns1.powered-hosting.com". It may be that powered-hosting.com's server
has been cracked, and is now serving rootkits, or they may be doing it
intentionally.

The last hop goes through a router in "prima.net.ar". You might be able
to get them to do something about it.

You could choose to inform the FBI, or the equivalent agency in your
country.

However, whether you can/should do is another question. They are not
necessarily the people actually cracking your machine, and the issues
of "free speech" may come in to play here. A lot of the parts of Linux
could be used as cracking tools; should all Linux download sites be
taken offline?

< Previous Next >
Follow Ups
References