[1867] in linux-security and linux-alert archive


[linux-security] What are some programs to use to trace spoofers?

daemon@ATHENA.MIT.EDU (Jim Conner)
Sun Jun 14 18:09:10 1998

Date: Sun, 14 Jun 1998 02:50:03 -0700
To: linux-security@redhat.com
From: Jim Conner <j_conner@earthlink.net>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

ALL,

Our Primary DNS has been broken into twice in the last week.  The first
time it happened I noticed the hacker used named as a means of gaining
entry.  This guy was good at hiding his/her tracks so we reinstalled the OS
and left a minimum install to see if it was done again.  We logged all
goings on from a secure remote machine.  We got the hacker's IP address and
even some of what he/she did on the box.  But the IP was spoofed.  I heard
there was a way to trace a spoofed IP (I know tracing can't be done after
the fact).  Any ideas?  And what are some good programs out there to do so?
There is a chance that the hacker attempted a connection to see if the box
was still up before he/she spoofed the IP.  I have logs of someone
telnetting to the box a few minutes before the actual attack with a valid
domain name.  Any ideas anyone?

Jim
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-Jim Conner						|	3100 New York Dr.
-Earthlink Network					|	Pasadena, CA 91107
-Support Operations Center		|	(626) 296-3017 or (626) 296-3018

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
