[UFO Chicago] Detecting a H4X0R
Larry Garfield
larry at garfieldtech.com
Fri Sep 12 04:17:37 CDT 2003
So the other day I went to log into Dalnet, and the network
automatically banned me. According to the server, my system was
detected broadcasting its information on the network, which Dalnet
interprets as my system having been hacked.
I started poking around my system and didn't see anything immediately
obvious, but then, I don't really know what I should be looking for. So
I ask y'all for advice, since this is the first time that I've had a
possible hack. What should I be looking for to determine if the system
has been compromised? What's the likelihood that it has been cracked
vs. Dalnet being overly paranoid?
I've been planning to upgrade and/or reinstall this system soon anyway,
so the timing is good, but I figured I may as well make a learning
experience out of it. The system is Mandrake 9.0 with some patches (I
confess I've not kept up with as many as I should have), behind a NAT
router box that only forwards a few select ports (HTTP, FTP, SSH, etc.).
Any tips for what I should be looking for?
--
Larry Garfield AIM: LOLG42
larry at garfieldtech.com ICQ: 6817012
"If nature has made any one thing less susceptible than all others of
exclusive property, it is the action of the thinking power called an
idea, which an individual may exclusively possess as long as he keeps it
to himself; but the moment it is divulged, it forces itself into the
possession of every one, and the receiver cannot dispossess himself of
it." -- Thomas Jefferson