On Thu, 13 Feb 2003 18:26:46 EST, Chris Brenton said:
> If other source IPs were used, it may not have come from your network.
> If your IP address space was the only thing spoofed, the attacker would
> need to sniff the replies somehow which implies they own one of your
> boxes or possibly a box upstream.

Or the attacker was a script kiddie who didn't understand how to use the tool he had. ;)

(Maybe I'm just jaded - the last intrusion I had to work, I discovered that the first thing the intruder did was try to craft a backdoor. The first attempt didn't even hit the right file because they couldn't type, and the second attempt broke things so badly that not only did their backdoor not work, but neither did the original exploit they rode in on.. ;)

Sometimes the data makes a LOT more sense if you analyze it while thinking "What if the Three Stooges were hackers?"..... :)
This archive was generated by hypermail 2b30 : Fri Feb 14 2003 - 21:03:25 PST