Re: [TCLUG:21399] script kiddies...

["Cook, Justin S." <jcook@k-lug.com>]

disconnect from net. format everything. reinstall. secure. connect to net.

Tracking a kiddie is horribly difficult, most have at least 1 host in
between whoever they are attacking. since he used a root kit, he *may* have
not been as retarded as most. if he left the logs, id highly suggest looking
through them, and keep on the lookout for the ip.

Justin Cook
----- Original Message -----
From: Ben Kochie <ben@nerp.net>
To: <tclug-list@mn-linux.org>
Sent: Monday, September 18, 2000 2:42 PM
Subject: [TCLUG:21399] script kiddies...


> one of my co-workers, who insists on admining his own box, and keeping it
> out on the internet connection, and not behind my firewall got sploited
> recently.. looks like the t0rn rootkit was used.. has anyone else had any
> kids in their boxes recently?  any luck tracking them?
>
> Thank You,
>         Ben Kochie (ben@nerp.net)
>
> *-----------------------*  [ - * - * - * - * - * - * - * - ]
> | Unix/Linux Consulting |  [ Haiku Error Message:          ]
> |  PC/Mac Repair        |  [  Chaos reigns within.         ]
> |   Networking          |  [  Reflect, repent, and reboot. ]
> | http://nerp.net       |  [  Order shall return.          ]
> *-----------------------*  [ - * - * - * - * - * - * - * - ]
>
>  "Unix is user friendly, Its just picky about its friends."
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tclug-list-unsubscribe@mn-linux.org
> For additional commands, e-mail: tclug-list-help@mn-linux.org