Security Basics mailing list archives
RE: compromised network
From: "Raoul Armfield" <armfield () amnh org>
Date: Mon, 29 Dec 2003 12:30:04 -0500
Best bet is to reinstall OS and software from known good media and restore data from backups.

Raoul

:-----Original Message-----
:From: Dana Rawson [mailto:absolutezero273c () nzoomail com]
:Sent: Friday, December 26, 2003 2:22 PM
:To: security-basics () securityfocus com
:Subject: compromised network
:
:Not sure where to start except by saying that my servers and
:router were compromised. Have locked down both servers and
:routers (at least I have attempted to do so) but what is the
:best way to verify that there is nothing rogue left active on
:the servers? Also, is there any legal action I should take
:(i.e. Do I alert any authorities)? It appears that my network
:was targeted by a server in California and individuals from
:Australia, Netherlands and the US were connecting using it as
:an ftp server. Was actually named "Revenge Server".
:
:I just installed Ethereal and am currently capturing packets
:but am not really sure how to read this or if there is any
:easier way to monitor all things. ...And to actually know how
:to read it.
:
:Will I be able to retrieve ip addresses from packets to match
:activity on my syslog and identify rogue traffic?
:
:This is all new to me so I apologize if my questions don't
:make sense or my approach is illogical.