Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: Re: Redhat 6.2 Honeypot Hacked

Re: Redhat 6.2 Honeypot Hacked

From: Greg Estabrooks <greg_at_phaze.org>
Date: Sun, 14 Apr 2002 23:32:44 -0300

> have had many emails from Romanians offering to
> translate the IRC bits.

 A few weeks ago we had a colocation customers machine get hacked into by
a couple of romanians who then used it as a BNC bouncer for themselves and
some friends. I've had an IRC client in their channel watching them for
weeks and was going to notify all of the various hosts I see them join
from.

 The BNC logs from the hacked machine show (I have an rsync of it) all of
the machines they connect from, IRC servers they connected to as well as
most of the IRC conversations for the month and a half they had access to
the machine. 

-- 
"And he piled upon the whales white hump, the sum of all the rage and hate
felt by his whole race. If his chest had been a cannon, he would have
shot his heart upon it."
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Received on Apr 15 2002
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos