Hack attacks
Gary Stainburn
gary.stainburn at ringways.co.uk
Tue Nov 20 10:31:50 UTC 2012
On Tuesday 20 November 2012 10:15:55 Eddie G. O'Connor Jr. wrote:
> And just how would someone "know" if they've been cracked?....are there
> alerts?...or is it really a matter of waiting for someone to contact you
> telling you that they've gotten your IP address when doing a backtrace
> from their network? (And I'm only asking because I've had a machine
> that's been "up and running" for almost a year, but I wouldn't have a
> CLUE as to know whether or not it's been compromised or not!...)
>
>
> EGO II
If you have tripwire or other monitoring software installed you *may* get
alerts. These tend to work by taking a snapshot of various parts of your
system, e.g. /etc/passwd, and monitoring them for changes.
In my case, I was contacted by someone who was being attacked by one of my
servers and finally traced the problem to how / where my server had been
cracked. To be totally safe though I removed the server and built a new one.
You can never be 100% certain that you've cleaned a broken box.
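
Added example, not part of the original post: a minimal sketch of the snapshot-and-compare approach the reply describes for tripwire-style monitoring. The function names and the sample files are constructed for illustration, and the sketch assumes the baseline is kept somewhere the monitored host cannot rewrite it.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(paths):
    """Record a SHA-256 digest plus mode and owner for each regular file."""
    snap = {}
    for p in paths:
        try:
            st = os.lstat(p)
        except FileNotFoundError:
            continue  # a missing file is reported as "removed" by compare()
        if not stat.S_ISREG(st.st_mode):
            continue  # skip symlinks, directories and devices in this sketch
        with open(p, "rb") as f:
            digest = hashlib.sha256(f.read()).hexdigest()
        snap[p] = {"sha256": digest, "mode": stat.S_IMODE(st.st_mode),
                   "uid": st.st_uid, "gid": st.st_gid}
    return snap

def compare(baseline, current):
    """Return (path, reason) findings, sorted by path."""
    findings = []
    for p in sorted(set(baseline) | set(current)):
        if p not in current:
            findings.append((p, "removed"))
        elif p not in baseline:
            findings.append((p, "added"))
        else:
            for field in ("sha256", "mode", "uid", "gid"):
                if baseline[p][field] != current[p][field]:
                    findings.append((p, f"{field} changed"))
    return findings

def demo():
    """Constructed sample: stand-ins for /etc/passwd and /etc/hosts in a temp dir."""
    with tempfile.TemporaryDirectory() as d:
        passwd, hosts = os.path.join(d, "passwd"), os.path.join(d, "hosts")
        for path, text in ((passwd, "root:x:0:0:root:/root:/bin/bash\n"),
                           (hosts, "127.0.0.1 localhost\n")):
            with open(path, "w") as f:
                f.write(text)
            os.chmod(path, 0o644)
        baseline = snapshot([passwd, hosts])   # in practice: store off-host
        with open(passwd, "a") as f:           # content change
            f.write("newuser:x:1001:1001::/home/newuser:/bin/sh\n")
        os.chmod(hosts, 0o666)                 # permission change only
        found = compare(baseline, snapshot([passwd, hosts]))
        return [(os.path.basename(p), reason) for p, reason in found]

if __name__ == "__main__":
    print(demo())
```

A clean comparison only shows that the watched files match the baseline; it says nothing about files outside the watch list or about a baseline that was taken after the compromise.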