Thread: Hidden folders in unix?

  1. #11
    Banned
    Join Date
    May 2003
    Posts
    1,004
    The honeypot idea. Like it was said before it won't help you find out where they are attacking from. Also there can be some legal issues with setting one up to trap someone. It is much the same as entrapment by law enforcement. I will say I like honeypots but there has been a lot of legal controversy over this.
    Honeypots are nothing like entrapment. Entrapment would be if a law enforcement officer was telling you to hack the system. Since a honeypot is a private endeavor and is a passive system... clearly this does not apply.

    People need to seriously stop giving legal advice when they haven't got a clue.

    cheers,

    catch

  2. #12
    Senior Member
    Join Date
    Jun 2004
    Posts
    379
    Thanks,
    The thing is that I wasn't using a GUI, I was using a shell and it still didn't find it. ls -a and also ls -R still won't find any of it. How in the world can you get it to do that?
    Then how did you find the files?

  3. #13
    catch - if I were to set up a honeypot in my environment, someone could use it as a legal defense of entrapment.

    People need to seriously stop giving legal advice when they haven't got a clue.
    I in no way was giving legal advice. What I was saying is that there are in fact some legal issues with honeypots. If it is a private endeavor then go for it, but for corporations and especially government entities then there are legal issues.
    to SYN, or not to SYN. That is the question. -Shakespeare?

  4. #14
    Senior Member
    Join Date
    Dec 2004
    Posts
    107
    cashmoney,

    Like catch said, entrapment IS like an officer telling you to steal. A honeypot is like a bait car - that is, a car the police leave on the street with the keys inside and visible, then wait for someone to steal it. Legally, I believe they are two completely different concepts.

    IANAL, however.

    -ik
    Alright Brain, you don't like me, and I don't like you. But let's just do this, and I can get back to killing you with beer.
    -- Homer S.

  5. #15
    ik - I'll buy that. Sorry if I offended anyone, by the looks of my only antipoints now gone I must have.
    to SYN, or not to SYN. That is the question. -Shakespeare?

  6. #16
    rebmeM roineS enilnOitnA
    Join Date
    Jul 2003
    Posts
    1,021
    Just an obvious question.

    Was the distro you were using kept up to date with security patches etc.?

    Most distros have tools for that.

    Doing so, along with other sensible measures (see many tutorials on this site), will keep your vulnerabilities down to a minimum.

    I know if my home server wasn't kept up to date it would have been compromised long ago.

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  7. #17
    Junior Member
    Join Date
    Jul 2004
    Posts
    15
    As stated earlier, the trouble you're experiencing is most likely being caused by a kernel mode rootkit... If it is a desperately mission critical machine, there is one thing you could 'try' to remediate the problem. Since rootkits typically patch the system call table, to redirect or 'hook' calls, you could try to back up an un-patched/infected table. Obviously, the most reliable solution is to completely reinstall... I just thought I would input my 2 cents. Hope it helped.

    - shell
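
The symptom in this thread (directories that `ls -a` and `ls -R` do not show) can be tested for by comparing each directory's link count with the subdirectories its listing actually returns. This is an added example, not part of any post; the names `missing_subdirs` and `scan` are made up for it. It assumes a filesystem such as ext4 or XFS where a directory's link count is 2 plus its number of subdirectories, and it only catches hooks that filter directory listings without also falsifying `stat` results.

```python
import os
import sys
from typing import List, Optional, Tuple


def missing_subdirs(nlink: int, visible: int) -> Optional[int]:
    """Subdirectories implied by the link count but absent from the listing.

    On classic Unix filesystems (ext2/3/4, XFS, UFS) a directory's link count
    is 2 ('.' plus its entry in the parent) + one '..' per subdirectory.
    Returns None when the filesystem does not keep that count (btrfs and
    some others report 1), so the check cannot be applied.
    """
    if nlink < 2:
        return None
    return max(nlink - 2 - visible, 0)


def scan(root: str) -> List[Tuple[str, int]]:
    """Walk root and return (directory, hidden_count) for every mismatch."""
    findings = []
    root_dev = os.lstat(root).st_dev
    stack = [root]
    while stack:
        path = stack.pop()
        try:
            st = os.lstat(path)
            if st.st_dev != root_dev:
                continue  # stay on one filesystem, like find -xdev
            with os.scandir(path) as entries:
                # Symlinks to directories add no link, so do not count them.
                subdirs = [e.path for e in entries
                           if e.is_dir(follow_symlinks=False)]
        except OSError:
            continue  # unreadable, or removed while scanning
        gap = missing_subdirs(st.st_nlink, len(subdirs))
        if gap:
            findings.append((path, gap))
        stack.extend(subdirs)
    return findings


if __name__ == "__main__":
    # Run as root on a quiet system; directories created or deleted during
    # the walk can produce transient mismatches.
    for path, gap in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: {gap} subdirectory entries not shown by readdir")
```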

  8. #18
    Senior Member
    Join Date
    Dec 2002
    Posts
    127
    OK, an update to this whole situation. We were able to determine how they got in and all the files that they loaded. We have cleaned up most of the mess. Thank you everyone for your help.
    The only four things i need are food, water, a computer, and the internet.
