Re: [SLUG] Need help, I appear to victim of mischief

From: Matt (matt@sandmcomputers.com)
Date: Sat Aug 17 2002 - 13:17:09 EDT


On Sat, 2002-08-17 at 11:36, Darr Palmer wrote:
> Last Friday I left my previous job to go to work for a new employer. Let's
> just say that my parting was not happy because of the immature actions of my
> previous employer.
>
> Suddenly, as in since last Saturday, I have appeared to become the victim of
> some very ingenious mischief. My server appears to be the victim of DOS
> attacks. And I suddenly have begun getting several virus attacks via email.
>
> Can anyone lead me in the direction of verifying if in fact I just happen to
> be getting random emails with viruses, or is it a deliberate attempt to
> interfere with my website and email.
>
> And specifically where it is being generated from. If it is as I suspect, I
> would like to have the proof before I confront the party responsible with my
> attorney.

First of all, I recommend checking your system logs and the full headers
on all e-mails. You should be able to draw correlations from IP
addresses and domains. There is the possibility the "attacks" are coming
from anonymous remailers (or open relays) and 3rd party computers.

Secondly, build netfilter iptables into your kernel. Install the
iptables binary. Set up rules for logging of all packets to get a bigger
picture of what traffic is coming in and out of your box.
http://www.netfilter.org/

Thirdly, install portsentry and logsentry. Both tools assist with log
parsing and system attack identification/prevention.
http://www.psionic.com/products/logsentry.html
http://www.psionic.com/products/portsentry.html

In terms of A/V software, you can download trial versions of Sophos,
McAfee, etc. for Linux to use in conjunction with your MTA/MDA.
MailScanner works well to filter and (in conjunction with an A/V
program) virus-scan incoming mail.
http://www.sng.ecs.soton.ac.uk/mailscanner/

HTH

Matt
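
The correlation suggested in the reply above (full mail headers against packet logs), sketched as an added example that is not part of the original message. It assumes your own mail server stamps the hostname `mail.example.org` and that packets are logged in the netfilter LOG format; all sample mails, log lines and addresses are constructed, and the helper names are hypothetical.

```python
import re
from collections import Counter
from email import message_from_string

MY_MTA = "mail.example.org"  # assumption: hostname your own mail server stamps
PEER = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
SRC = re.compile(r"\bSRC=(\d{1,3}(?:\.\d{1,3}){3})\b")

def delivering_ip(raw_mail, my_mta=MY_MTA):
    """IP that connected to our own MTA; Received lines added earlier can be forged."""
    msg = message_from_string(raw_mail)
    for hdr in msg.get_all("Received", []):
        hdr = " ".join(hdr.split())  # unfold the continuation lines
        if f"by {my_mta}" in hdr:
            m = PEER.search(hdr.split(" by ")[0])
            return m.group(1) if m else None
    return None

def packet_sources(log_text):
    """Count SRC= addresses in netfilter LOG lines."""
    return Counter(SRC.findall(log_text))

def correlate(mails, log_text):
    """Map each IP that delivered mail to (mail count, logged packet count)."""
    mail_hits = Counter(ip for ip in map(delivering_ip, mails) if ip)
    pkts = packet_sources(log_text)
    return {ip: (n, pkts[ip]) for ip, n in mail_hits.items() if pkts[ip]}

# Constructed sample data using documentation address ranges.
def _mail(peer_ip, extra=""):
    return (f"Received: from x (unknown [{peer_ip}])\n\tby {MY_MTA};"
            f" Sat, 10 Aug 2002 09:00:00 -0400\n{extra}Subject: test\n\nbody\n")

FORGED = "Received: from a ([203.0.113.99]) by relay.invalid; Sat, 10 Aug 2002 08:00:00 -0400\n"
SAMPLE_MAILS = [_mail("198.51.100.7"), _mail("198.51.100.7", FORGED), _mail("192.0.2.10")]
SAMPLE_LOG = """\
Aug 10 09:01:12 host kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=4431 DPT=80
Aug 10 09:01:13 host kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=4432 DPT=80
Aug 10 09:01:14 host kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=4433 DPT=80
Aug 10 09:02:00 host kernel: IN=eth0 OUT= SRC=203.0.113.50 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=5000 DPT=25
"""

if __name__ == "__main__":
    for ip, (mails, packets) in correlate(SAMPLE_MAILS, SAMPLE_LOG).items():
        print(f"{ip}: delivered {mails} mail(s), {packets} logged packet(s)")
```

Only the Received line written by your own server is used, because every line below it is supplied by the sender. A match shows the last hop, which may itself be an open relay or a third-party machine.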