On Thu, 14 Dec 1995, Matthew Huff wrote:
>
> As of yesterday, I detected a penetration attempt after the fact.
>
> This penetration attempt was on our sacrificial host.
>
> I am quite sure that it was an attack due to the person attempting to get the /etc/passwd.
> This attack was, as far as I can tell, to a backdoor in wu-ftpd. I am quite sure that this
> attempt failed.
>
> The question that I have now, is what should I do?
>
> Other than, of course, verifying my current security.
>
> BTW, this attack came from another county.
>
This depends on what you are protecting; if the case is of non-crucial
information, I wouldn't advise pursuing the matter too much.
You should however chase the alleged individual/s's butt in the
following cases:
- The host contains vital information of which knowledge by others could be
  disastrous.
- The intruder has successfully penetrated your system.
- You want to have fun and hassle him <I always do!>.
In any case, making contact with the attacking host is advisable as most
hostile activity comes from taken-over accounts.
Of course, spooking the guy with a message from root@whitehouse.gov
saying that your host is of military importance to the govt. etc. etc.
etc. can be fun, depends on how much fooling-around time you have.
__
St. Viper the one that can't be satiated with pizzas O:-)
**guyd@actcom.co.il**
As you may have noticed, I'm back from my 2 weeks in Bulgaria and ready
to imbue you with my wisdom again.