From owner-freebsd-hackers Mon Jun 24 02:38:50 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id CAA10571 for hackers-outgoing; Mon, 24 Jun 1996 02:38:50 -0700 (PDT) Received: from minnow.render.com (render.demon.co.uk [158.152.30.118]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id CAA10557; Mon, 24 Jun 1996 02:38:42 -0700 (PDT) Received: (from dfr@localhost) by minnow.render.com (8.6.12/8.6.9) id KAA26539; Mon, 24 Jun 1996 10:41:27 +0100 Date: Mon, 24 Jun 1996 10:41:26 +0100 (BST) From: Doug Rabson To: "Jordan K. Hubbard" cc: Amancio Hasty , hackers@FreeBSD.org, security@FreeBSD.org, ache@FreeBSD.org Subject: Re: I need help on this one - please help me track this guy down! In-Reply-To: <8378.835580425@time.cdrom.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-hackers@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk On Sun, 23 Jun 1996, Jordan K. Hubbard wrote: > > Also since "you" were logged in , try to look in the logs for a > > a loggin session of a foreign host and I would report the incident to the > > FBI 8) > > All we have are the "last" logs, which show: > > jkh ttyp2 a235.pu.ru Sun Jun 23 16:50 - 17:18 (00:28) > jkh ttyp3 a235.pu.ru Sun Jun 23 15:00 - 15:34 (00:33) > > If someone at the russian site could help correlate this time (PST) to > the local time at wherever a235.ru.pu came in from, we could at least > narrow down which user(s) it might have been. > > Also, I think that calling the FBI on this one is only likely to get > me put on infinite hold when they hear that the perpetrator is in > Russia. :-) Which parts of the archive do you have write access to? It just occurred to me that inserting a virus into the release version of quake would be a far more devastating attack than tampering with a FreeBSD release. -- Doug Rabson, Microsoft RenderMorphics Ltd. Mail: dfr@render.com Phone: +44 171 251 4411 FAX: +44 171 251 0939