Re: Hacked using vulnerable FTP daemon.

From: Patrick Andry (pandryat_private)
Date: Tue Sep 25 2001 - 09:04:19 PDT


    Paul Tan wrote:
    
    > Hello experts,
    >
    > I am helping a friend who got hacked in the last few days.
    > Below are the logs from /var/log/messages; I managed to get the logs
    > from the "last" command too. Is this sufficient info to call their ISP
    > and get that guy?
    >
    > Rgds,
    > Paul
    >
    > If you need more evidence I can produce e.g. rootkits and stuff I found
    > on the webserver.
    >
    <snip>
    
    It is sufficient to call the ISP and have them tell the SAs of the
    other boxes that they have been hacked as well (due to the two IP
    addresses involved).  Maybe with their logs you can find them, or find
    the next hacked machine in the chain.
    Aside from that, there are no real legal steps that can be successfully
    taken, unless you can prove that the chain of evidence wasn't broken.
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Tue Sep 25 2001 - 09:43:29 PDT