[linux-security] What are some programs to use to trace spoofers?
daemon@ATHENA.MIT.EDU (Jim Conner)
Sun Jun 14 18:09:10 1998
Date: Sun, 14 Jun 1998 02:50:03 -0700
To: linux-security@redhat.com
From: Jim Conner <j_conner@earthlink.net>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
ALL,
Our Primary DNS has been broken into twice in the last week. The first
time it happened I noticed the hacker used named as a means of gaining
entry. This guy was good at hiding his/her tracks so we reinstalled the OS
and left a minimum install to see if it was done again. We logged all
goings-on from a secure remote machine. We got the hacker's IP address and
even some of what he/she did on the box. But the IP was spoofed. I heard
there was a way to trace a spoofed IP (I know tracing can't be done after
the fact). Any ideas? And what are some good programs out there to do so?
There is a chance that the hacker attempted a connection to see if the box
was still up before he/she spoofed the IP. I have logs of someone
telnetting to the box a few minutes before the actual attack with a valid
domain name. Any ideas anyone?
Jim
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-Jim Conner | 3100 New York Dr.
-Earthlink Network | Pasadena, CA 91107
-Support Operations Center | (626) 296-3017 or (626) 296-3018
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null
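The one lead Jim actually has is the remote loghost: a telnet connection that tcp_wrappers logged a few minutes before the break-in. A connection that got far enough to be logged by tcp_wrappers completed a TCP handshake, so the source it records is a host the attacker really received packets on, unlike a spoofed source address in a raw datagram. The script below is an added example, not part of the original post or of any tool mentioned on the list; it assumes a BSD-syslog loghost holding tcp_wrappers "connect from" lines (the sample lines, hostnames, incident time and year are constructed for illustration) and pulls out every connection that completed in a window before the analyst-supplied incident time, counting how often each source appears.

```python
import re
from datetime import datetime, timedelta

# Constructed sample entries as a remote loghost might hold them for a Linux
# nameserver running tcp_wrappers (assumption; not logs from the original post).
# Hostnames are placeholders.
SAMPLE_LOG = """\
Jun 12 02:31:07 ns1 in.telnetd[2190]: connect from scan.example.net
Jun 12 02:33:50 ns1 in.ftpd[2201]: connect from mirror.example.org
Jun 12 02:58:41 ns1 in.telnetd[2310]: connect from scan.example.net
Jun 13 01:02:13 ns1 in.telnetd[4411]: connect from ws7.example.com
"""

# tcp_wrappers logs "<service>[pid]: connect from <source>" via syslog.
CONNECT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<service>[\w.]+)\[\d+\]: connect from (?P<src>\S+)$"
)


def parse_syslog_ts(ts, year):
    """BSD syslog timestamps carry no year, so the analyst supplies it."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def prior_connections(log_text, year, incident_at, window):
    """Return connections that completed within `window` before `incident_at`,
    oldest first, as (timestamp, service, source) tuples.

    Lines that are not tcp_wrappers connect records are ignored, and anything
    at or after the incident time is excluded so only lead-up activity remains.
    """
    hits = []
    for line in log_text.splitlines():
        m = CONNECT_RE.match(line)
        if not m:
            continue
        when = parse_syslog_ts(m["ts"], year)
        if incident_at - window <= when < incident_at:
            hits.append((when, m["service"], m["src"]))
    hits.sort()
    return hits


def sources_by_count(hits):
    """Count how many lead-up connections each source host made."""
    counts = {}
    for _, _, src in hits:
        counts[src] = counts.get(src, 0) + 1
    return counts


def analyse_example():
    # Constructed incident time: the break-in was placed at 03:00 on Jun 12.
    incident = datetime(1998, 6, 12, 3, 0, 0)
    hits = prior_connections(SAMPLE_LOG, 1998, incident, timedelta(minutes=30))
    return hits, sources_by_count(hits)


if __name__ == "__main__":
    hits, counts = analyse_example()
    for when, service, src in hits:
        print(f"{when:%b %d %H:%M:%S}  {service:<12} {src}")
    print("sources:", counts)
```

Narrowing the window to the few minutes before the incident, as in the post, is a matter of changing the timedelta; the host that shows up repeatedly just before the break-in is the one worth taking to its upstream provider, since that address reflects a real handshake rather than a forged source.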