I would start with contacting the sysadmin of servers on your list. You might find that one of the attackers attacked one of the systems from a legitimate Shell or Dialup. daN. At 09:31 PM 1/21/00 -0700, James Hepworth wrote: >Someone tried to get into one of our boxes here and left a door (rcp) to one >of their hacked servers. They also left quite a few files on the server, >large list of servers, IP addresses, usernames and root passwords + their >toolbox of toy scripts. Our system did not let them delete these files, but >they thought they had. I also have the console log with them chatting to >each other & the commands they issued. > >Is there any one place to report this type of violation or should I just >clam up and clean up the box? The connection (rcp) is still up (not for >long I suspect tho), I would like to catch these buggers..... > >Thanks >JAMES > >Tired of bad Internet search results? >Try http://www.muckymuck.com >Cut Through the Muck! >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:59:10 PDT