Re: Hackers left open door to my server..

From: Philip S Holt / Security Engineering (philipsholtat_private)
Date: Tue Jan 25 2000 - 11:20:26 PST


    James Hepworth wrote:
    
    > Someone tried to get into one of our boxes here and left a door (rcp) to one
    > of their hacked servers.  They also left quite a few files on the server,
    > large list of servers, IP addresses, usernames and root passwords + their
    > toolbox of toy scripts. Our system did not let them delete these files, but
    > they thought they had.  I also have the console log with them chatting to
    > each other & the commands they issued.
    >
    > Is there any one place to report this type of violation or should I just
    > clam up and clean up the box?
    
    - CERT - "This is what they do - what they are 'on-duty' for; your needs
    should be sent their way ...."
    Philip
    
    > The connection (rcp) is still up (not for long I suspect tho), I would like to
    > catch these buggers.....
    >
    > Thanks
    > JAMES
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:59:19 PDT