Re: [SLUG] Son of a dog...

From: Chuck Hast (wchast@gmail.com)
Date: Thu Jul 21 2005 - 11:52:47 EDT


On 7/21/05, Mike Branda <mike@wackyworld.tv> wrote:
> On Thu, 2005-07-21 at 07:29 -0600, Chuck Hast wrote:
>
> > This agent seems to have it on the ball, he sort of said during the phone call
> > that he was not real strong in Unix/Linux, but either he is being coached well
> > or he was just trying to not come on too strong.
> >
> > But he has really taken an interest, I suspect that the buzzards have come
> > home to roost in so many places that the more data they can gather on
> > these activities the better the view that they get. I am assuming that this is
> > somewhat like weather predictions, the more data points you have the better
> > your results, so they are trying to get as much as they can in order to get a
> > better view of things.
> >
> >
> >
>
> Chuck, if you need log files, I can at least provide iptables DROP
> entries with source IP info. Most of these are probably compromised
> machines and not the hacker directly. If it's not enough (since no ssh
> session ever takes place), we have the resources to set up a honeypot
> and log activity through the whole hack process. Finding the time to do
> such might be another story but if it's the right route, we'll make it
> happen.

OK, I am going to wait and see what he says, if he wants to set up a
honeypot, that would be a hoot, and would be glad to do it.

I have assumed the same thing that these machines have been commandeered
and are being used remotely. They know nothing of it.

-- 
Chuck Hast 
To paraphrase my flight instructor;
"the only dumb question is the one you DID NOT ask resulting in my going
out and having to identify your bits and pieces in the midst of torn
and twisted metal."

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.


