From owner-freebsd-hackers Sun Jun 23 22:38:44 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id WAA25101 for hackers-outgoing; Sun, 23 Jun 1996 22:38:44 -0700 (PDT) Received: from bang.rain.com (bang.rain.com [204.119.8.73]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id WAA25082; Sun, 23 Jun 1996 22:38:38 -0700 (PDT) Received: (from john@localhost) by bang.rain.com (8.6.12/8.6.9) id WAA23685; Sun, 23 Jun 1996 22:38:21 -0700 From: John Cavanaugh Message-Id: <199606240538.WAA23685@bang.rain.com> Subject: Re: I need help on this one - please help me track this guy down! To: jkh@time.cdrom.com (Jordan K. Hubbard) Date: Sun, 23 Jun 1996 22:38:20 -0700 (PDT) Cc: hasty@rah.star-gate.com, hackers@FreeBSD.org, security@FreeBSD.org, ache@FreeBSD.org In-Reply-To: <8378.835580425@time.cdrom.com> from "Jordan K. Hubbard" at Jun 23, 96 06:40:25 pm X-Mailer: ELM [version 2.4 PL24] Content-Type: text Sender: owner-hackers@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk > > Also since "you" were logged in , try to look in the logs for a > > a loggin session of a foreign host and I would report the incident to the > > FBI 8) > > All we have are the "last" logs, which show: > > jkh ttyp2 a235.pu.ru Sun Jun 23 16:50 - 17:18 (00:28) > jkh ttyp3 a235.pu.ru Sun Jun 23 15:00 - 15:34 (00:33) > > If someone at the russian site could help correlate this time (PST) to > the local time at wherever a235.ru.pu came in from, we could at least > narrow down which user(s) it might have been. > > Also, I think that calling the FBI on this one is only likely to get > me put on infinite hold when they hear that the perpetrator is in > Russia. :-) Maybe it's time to call Cliff Stoll. -- John Cavanaugh "There can be only one."