[Gllug] Ways to check for a crack?
David Irvine
Maillist at glasgownet.com
Wed Nov 20 11:16:52 UTC 2002
On Tue, 2002-11-19 at 20:34, Jonathan Harker wrote:
> On Tuesday 19 Nov 2002 10:25 pm, Neil Fryer wrote:
> > Hi All
> >
> > I need some help on this one please, what are the ways that you would check
> > to see if a system has been cracked?
> > I have run chkrootkit, and am looking through the logs, ran last, checking
> > all FW logs, checking datestamps, ran tripwire, what else is there as we
> > may have a major problem on our hands? Also what irc #'s are the that are
> > know for crackers to hang out on in the UK, if any, as I would suspect that
> > this is local if it has happened?
> >
> > Thanks in advance.
>
> Unplug it, and don't reboot it!!!! :-)
>
This is one way of finding out if you've been cracked, although its not
always the best, any self respecting l337 d00d would have some script
checking to see if he's been cut off then blow away any traces of
him/her and usually the remaining system, i've seen this happen a few
times when people have realised they have an intruder and pulled the
network cable out so they can examine it and subsequently the system
starts going ape.
My advice, if you think you are being cracked, turn the system off
completely, then boot up using a rescue disk and look at your logs.
HTH
David
> --
> Jonathan Harker
> www.jonathanharker.co.uk
>
> "I keep seeing spots in front of my eyes."
> "Did you ever see a doctor?"
> "No, just spots."
>
>
> --
> Gllug mailing list - Gllug at linux.co.uk
> http://list.ftech.net/mailman/listinfo/gllug
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list