[1875] in linux-security and linux-alert archive


[linux-security] Re: What are some programs to use to trace

daemon@ATHENA.MIT.EDU (Gary Stanley)
Mon Jun 15 05:07:01 1998

Date: Sun, 14 Jun 1998 18:17:18 -0400
To: linux-security@redhat.com
From: Gary Stanley <ancient@nws.net>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

>To: Jim Conner <j_conner@earthlink.net>
>From: Gary Stanley <ancient@nws.net>
>Subject: Re: [linux-security] What are some programs to use to trace spoofers?
>
>At 02:50 AM 6/14/98 -0700, you wrote:
>>ALL,
>>
>>Our Primary DNS has been broken into twice in the last week.  The first
>>time it happened I noticed the hacker used named for means of gaining
>>entry.  This guy was good at hiding his/her tracks so we reinstalled the OS
>>and left a minimum install to see if it was done again.  We logged all
>>goings on from a secure remote machine.  We got the hacker's IP address and
>>even some of what he/she did on the box.  But the IP was spoofed.  I heard
>>there was a way to trace a spoofed IP (I know tracing can't be done after
>>the fact).  Any ideas?  And what are some good programs out there to do so?
>> There is a chance that the hacker attempted a connection to see if the box
>>was still up before he/she spoofed the IP.  I have logs of someone
>>telnetting to the box a few minutes before the actual attack with a valid
>>domain name.  Any ideas anyone?
>>
>>Jim

Only program I know of to track a spoofed IP address is MCI's Denial of
Service tracker. (http://www.security.mci.net/dostracker/index.html)




Gary Stanley
NWS Network Operations Center
http://www.nws.net

 

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null

