[1875] in linux-security and linux-alert archive
[linux-security] Re: What are some programs to use to trace
daemon@ATHENA.MIT.EDU (Gary Stanley)
Mon Jun 15 05:07:01 1998
Date: Sun, 14 Jun 1998 18:17:18 -0400
To: linux-security@redhat.com
From: Gary Stanley <ancient@nws.net>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
>To: Jim Conner <j_conner@earthlink.net>
>From: Gary Stanley <ancient@nws.net>
>Subject: Re: [linux-security] What are some programs to use to trace spoofers?
>
>At 02:50 AM 6/14/98 -0700, you wrote:
>>ALL,
>>
>>Our Primary DNS has been broken into twice in the last week. The first
>>time it happened I noticed the hacker used named for means of gaining
>>entry. This guy was good at hiding his/her tracks so we reinstalled the OS
>>and left a minimum install to see if it was done again. We logged all
>>goings on from a secure remote machine. We got the hacker's IP address and
>>even some of what he/she did on the box. But the IP was spoofed. I heard
>>there was a way to trace a spoofed IP (I know tracing can't be done after
>>the fact). Any ideas? And what are some good programs out there to do so?
>>There is a chance that the hacker attempted a connection to see if the box
>>was still up before he/she spoofed the IP. I have logs of someone
>>telnetting to the box a few minutes before the actual attack with a valid
>>domain name. Any ideas anyone?
>>
>>Jim
Only program I know of to track a spoofed IP address is MCI's Denial of
Service tracker. (http://www.security.mci.net/dostracker/index.html)
Gary Stanley
NWS Network Operations Center
http://www.nws.net