On Thu, 2005-07-21 at 07:29 -0600, Chuck Hast wrote:
> This agent seems to have it on the ball, he sort of said during the phone call
> that he was not real strong in Unix/Linux, but either he is being coached well
> or he was just trying to not come on too strong.
>
> But he has really taken a interest, I suspect that the buzzards have come
> home to roost in so many places that they more data they can gather on
> these activities the better the view that they get. I am assuming that this is
> somewhat like weather predictions, the more data points you have the better
> your results, so they are trying to get as much as they can in order to get a
> better view of things.
>
>
>
Chuck, if you need log files, I can at least provide iptables DROP
entries with source IP info. Most of these are probably compromised
machines and not the hacker directly. If it's not enough (since no ssh
session ever takes place), we have the resources to set up a honeypot
and log activity through the whole hack process. Finding the time to do
such might be another story but if it's the right route, we'll make it
happen.
Mike Branda Jr.
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 18:10:13 EDT