Security Incidents: Re: info

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: info

From: Michel Arboi <arboi () yahoo com>
Date: Sat, 4 May 2002 10:56:56 +0200 (CEST)

 --- "Joe T." <auximini () yahoo com> a écrit :

- /var/log is gone


Your hacker looks lame, so I'd bet they did not wipe the log files.
You can probably read the old logs by accessing the raw disk device.
e.g. something like :
strings /dev/hdXX | less

- any other recommendations?


Unplug the machine from internet, boot from a floppy
(http://www.toms.net/rb/ is your friend) or CDROM (or at least, remount
your partitions read only)


___________________________________________________________
Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français !
Yahoo! Mail : http://fr.mail.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

By Date By Thread

Current thread:

RE: info, (continued)
- RE: info Loki (May 03)
  - RE: info Joe T. (May 06)
- Re: info W.G. Iyer (May 06)
  - Re: info Joe T. (May 06)
    - Re: info Jose Nazario (May 06)
- Re: info Michel Arboi (May 06)
- RE: info dlaumann (May 06)
  - RE: info Head of the Councel of Wizards (May 07)