On Thu, 14 Dec 1995, Matthew Huff wrote:
> As of yesterday, I detected a penetration attempt after the fact.
> This penetration attempt was on our sacrificial host.
> I am quite sure that it was an attack due to the person attempting to get the /etc/passwd.
> This attack was, as far as I can tell, to a backdoor in wu-ftpd. I am quite sure that this
> attempt failed.
> The question that I have now, is what should I do?
> Other than, of course, verifying my current security.
> BTW, this attack came from another county.
This depends on what you are protecting, if the case is of non-crucial
information, I wouldn't advise pursuing the matter too much.
You should however chase the alleged individual/s's butt in the
The host contains vital information of which knowledge by others could be
The intruder has successfully penetrated your system.
You want to have fun and hassle him <I always do!>.
In any case, making contact with the attacking host is advisable as most
hostile activity comes from taken-over accounts.
Of course, spooking the guy with a message from root @
saying that your host is of military importance to the govt. etc. etc.
etc. can be fun, depends on how much fooling-around time you have.
St. Viper the one that can't be satiated with pizzas O:-)
As you may have noticed, I'm back from my 2 weeks at Bulgaria and ready
to imbue you with my wisdom again.