Firewall Wizards mailing list archives

Re: Hackers left open door to my server..

From: Neil Ratzlaff <neil.ratzlaff () ucop edu>
Date: Tue, 25 Jan 2000 09:52:32 -0800

Both CERT (http://www.cert.org/ftp/incident_reporting_form) and SANS(intrusion () sans org) would probably like to hear from you.

Neil



At 21:31 01/21/00 -0700, James Hepworth wrote:

Someone tried to get into one of our boxes here and left a door (rcp) to one
of their hacked servers.  They also left quite a few files on the server,
large list of servers, IP addresses, usernames and root passwords + their
toolbox of toy scripts. Our system did not let them delete these files, but
they thought they had.  I also have the console log with them chatting to
each other & the commands they issued.

Is there any one place to report this type of violation or should I just
clam up and clean up the box?  The connection (rcp) is still up (not for
long I suspect tho), I would like to catch these buggers.....

Thanks
JAMES

Tired of bad Internet search results?
Try http://www.muckymuck.com
Cut Through the Muck!

Current thread:

Hackers left open door to my server.. James Hepworth (Jan 24)
- Re: Hackers left open door to my server.. Neil Ratzlaff (Jan 27)
- Re: Hackers left open door to my server.. daN. (Jan 27)
- Re: Hackers left open door to my server.. Jayson Broughton (Jan 27)
- Re: Hackers left open door to my server.. Philip S Holt / Security Engineering (Jan 28)
- <Possible follow-ups>
- RE: Hackers left open door to my server.. Michael J. Daveler (Jan 25)
- RE: Hackers left open door to my server.. Don Benack (Jan 25)
- RE: Hackers left open door to my server.. Bob Eichler (Jan 26)