[1879] in linux-security and linux-alert archive

[linux-security] Re: What are some programs to use to trace spoofers?

daemon@ATHENA.MIT.EDU (Annex)
Mon Jun 15 08:25:14 1998

Date: Mon, 15 Jun 1998 10:11:48 +0600 (BGT)
From: Annex <annex@thing.annexgrp.org>
To: Jim Conner <j_conner@earthlink.net>
cc: linux-security@redhat.com
In-Reply-To: <199806140949.CAA25398@ireland.it.earthlink.net>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

On Sun, 14 Jun 1998, Jim Conner wrote:
| goings on from a secure remote machine.  We got the hacker's IP address and
| even some of what he/she did on the box.  But the IP was spoofed.  I heard

spoofed? the hacker worked (i.e. logged in and executed commands) with a
spoofed IP? are you sure it wasn't someone from your OWN network?

| was still up before he/she spoofed the IP.  I have logs of someone
| telnetting to the box a few minutes before the actual attack with a valid

could be the hacker.. could be not..  did you get anything suspicious from
his activity from your sniffing logs (i guess you meant sniffing (and
more) when you said monitored from the remote secure server)?

---
Annex

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null

