Home page logo

basics logo Security Basics mailing list archives

RE: compromised network
From: "Raoul Armfield" <armfield () amnh org>
Date: Mon, 29 Dec 2003 12:30:04 -0500

Best bet is to reinstall OS and software from known good media and
restore data from backups


:-----Original Message-----
:From: Dana Rawson [mailto:absolutezero273c () nzoomail com] 
:Sent: Friday, December 26, 2003 2:22 PM
:To: security-basics () securityfocus com
:Subject: compromised network
:Not sure where to start except by saying that my servers and 
:router were compromised.  Have locked down both servers and 
:routers (at least I have attempted to do so) but what is the 
:best way to verify that there is nothing rogue left active on 
:the servers?  Also, is there any legal action I should take 
:(i.e. Do I alert any authorities)?  It appears that my network 
:was targeted by a server in california and individuals from 
:Australia, Netherlands and the US were connecting using it as 
:an ftp server.  Was actually named "Revenge Server".
:I just installed Ethereal and am currently capturing packets 
:but am not really sure how to read this or if there is any 
:easier way to monitor all things. ...And to actually know how 
:to read it. 
:Will I be able to retrieve ip addresses from packets to match 
:activity on my syslog and identify rogue traffic?
:This is all new to me so I apologize if my questions don't 
:make sense or my approach is illogical.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]