If your perp has installed a rootkit, then patching your shell may give you away, especially if his kit modified bash already. However, this is the best solution if your perp is connecting via an encrypted session. Consider also sniffing the connection from another system. It's more stealthy and cannot be affected by the perp without him breaking into the sniffer box. Any sniffer will do. Telnet commands will show up in clear text to port 23.

Good luck.

J Jewitt

--- Marlon Jabbur <mjabburat_private> wrote:
> Take a look at
> http://project.honeynet.org/papers/honeynet/bash.patch
> it's a bash patch that allows you to record the history
> in a syslog server.
>
> Hope this helps.
> Marlon
> ----- Original Message -----
> From: "Tom Kapanka" <tomat_private>
> To: <forensicsat_private>; <incidentsat_private>
> Sent: Monday, March 11, 2002 9:00 PM
> Subject: Keylogger Needed Quick!
>
> > We got an intruder cornered and need to install a keylogger quick! Anyone
> > got a good one that I can drop in real easy and quiet-like to nab this guy?
> > He comes in right around the same time and that time draws near.
> >
> > OS: RedHat Linux 7.1
> >
> > I was confused by the ones listed at PacketStorm, most of them are for
> > Windoze. Any help getting this installed would be appreciated!
> >
> > -t
> >
> > -----------------------------------------------------------------
> > This list is provided by the SecurityFocus ARIS analyzer service.
> > For more information on this free incident handling, management
> > and tracking system please see: http://aris.securityfocus.com
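The sniffing approach suggested in the message above, as an added example that is not part of the original thread: a small parser that turns the client-to-server bytes of a captured telnet session (port 23) into the command lines that were typed. It assumes the TCP payload has already been reassembled from the capture; the function names and the sample bytes are constructed for illustration.

```python
# Added example: constructed input, hypothetical function names.
IAC, SE, SB = 255, 240, 250
NEGOTIATION = {251, 252, 253, 254}  # WILL, WONT, DO, DONT: one option byte follows

def strip_telnet(stream: bytes) -> bytes:
    """Drop telnet commands (RFC 854) and return only the user data bytes."""
    out, i, n = bytearray(), 0, len(stream)
    while i < n:
        b = stream[i]
        if b != IAC:
            out.append(b)
            i += 1
        elif i + 1 >= n:              # truncated capture: lone IAC at the end
            break
        elif stream[i + 1] == IAC:    # IAC IAC is an escaped 0xFF data byte
            out.append(IAC)
            i += 2
        elif stream[i + 1] in NEGOTIATION:
            i += 3
        elif stream[i + 1] == SB:     # subnegotiation runs until IAC SE
            i += 2
            while i < n and stream[i:i + 2] != bytes([IAC, SE]):
                i += 2 if stream[i] == IAC else 1
            i += 2
        else:                         # other two-byte commands (NOP, AYT, ...)
            i += 2
    return bytes(out)

def typed_lines(stream: bytes) -> list[str]:
    """Rebuild the lines the user typed, applying backspace/delete edits."""
    lines, cur, prev = [], [], None
    for b in strip_telnet(stream):
        if b in (0x08, 0x7F):         # BS / DEL erase the previous character
            if cur:
                cur.pop()
        elif b == 0x0D or (b == 0x0A and prev != 0x0D):
            lines.append("".join(cur))
            cur = []
        elif b not in (0x00, 0x0A):   # skip the NUL or LF that follows CR
            cur.append(chr(b) if 0x20 <= b < 0x7F else f"\\x{b:02x}")
        prev = b
    if cur:
        lines.append("".join(cur))
    return lines

# Constructed client-to-server bytes: option negotiation, then three typed lines.
SAMPLE = (bytes([255, 253, 1, 255, 251, 24, 255, 250, 24, 0]) + b"vt100"
          + bytes([255, 240]) + b"root\r\x00ls -la /tmq\x7fp\r\x00cat /etc/passwd\r\n")

if __name__ == "__main__":
    for line in typed_lines(SAMPLE):
        print(line)
```

Feed it only the client-to-server half of the stream; the server-to-client half carries the echoed characters and command output.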
This archive was generated by hypermail 2b30 : Tue Mar 12 2002 - 10:19:37 PST