Both CERT (http://www.cert.org/ftp/incident_reporting_form) and SANS (intrusionat_private) would probably like to hear from you.

Neil

At 21:31 01/21/00 -0700, James Hepworth wrote:
>Someone tried to get into one of our boxes here and left a door (rcp) to one
>of their hacked servers. They also left quite a few files on the server,
>large list of servers, IP addresses, usernames and root passwords + their
>toolbox of toy scripts. Our system did not let them delete these files, but
>they thought they had. I also have the console log with them chatting to
>each other & the commands they issued.
>
>Is there any one place to report this type of violation or should I just
>clam up and clean up the box? The connection (rcp) is still up (not for
>long I suspect tho), I would like to catch these buggers.....
>
>Thanks
>JAMES
>
>Tired of bad Internet search results?
>Try http://www.muckymuck.com
>Cut Through the Muck!

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:59:11 PDT