Firewall Wizards mailing list archives

RE: Help, some one's hacked into my home computer


From: sean.kelly () lanston com
Date: Mon, 17 May 1999 10:56:57 -0400

I'm on a cable modem, I run BackOfficer Friendly,
stepped away from the desktop for a few hours, came
back and saw the alerts.  I've done a find on all the
files changed today and compared them with the times
that they were on.  I'm stumped on what to do next. 
This is happening right now, realtime.  Can anybody
please respond.

I know zilch about BackOfficer Friendly so I'm going to respond just to the
rest of the msg.

First thing I'd do is get that machine off the net or at least shut down
server services such as FTP.  If you have valuable stuff on there you might
as well start off by keeping them from getting any more than they already
have.

With any luck you have logs of the event.  First step is to collect all the
data you have on the attack and if you have an IP address or any other data,
contact the domain admin of the attacker's IP -- forward log segments, etc.
It may not fix your immediate problems but it may very well at least get the
attacker's account revoked.  I've gotten accounts revoked for things as
simple as portscans and failed nuke attempts so it DOES work.

As for your machine.  I'm afraid the safest thing would be a full reinstall
of everything.  Reinstall the OS and restore all the data from a backup if
you have one.  There's a good chance you won't pick up everything they've
done to your computer and it's better to be safe than sorry.

As for the prevention... get your hands on a 486 and a couple network cards,
install FreeBSD and make the machine a firewall/proxy.  This list is a great
resource so I won't go into details, but it's possible to have a bit of
protection for next to nothing.

Sean
