Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 20 Feb 1999 16:15:15 -0200
From:      "Jose Carlos da Silva" <jcds@brasmail.com.br>
To:        Patrick Seal <patseal@hyperhost.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: I've been hacked!
Message-ID:  <19990220181518.A7FF31183F@hub.freebsd.org>
In-Reply-To: <Pine.BSF.4.05.9902201300540.51938-100000@foobar.hyperhost.net>
References:  <199902201754.MAA18691@hyperhost.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
Patrick, Em 20 Feb 99, voce escreveu:

> I am using the TCP wrappers, have root login disabled, and am running a
> newly CVSUP'd 3.1-STABLE.  What I what to know is how to contact his/her
> ISP.

You should find the IP address of the connection in your log files. 
If you haven't enabled the full log files features of TCP WRAPPERS, 
maybe you should check the TCP WRAPPERS documentation to enable the 
logging of the IP address of each connection and wait until the next 
try of the hacker.

Once you have the IP address, you should do a NSLOOKUP on it to get 
the hostname including the domain name. If the IP address doesn't 
have a reverse hostname available, you can try to use traceroute or 
RWHOIS (http://www.rwhois.net) to discover from which network he is 
trying to connect to your server. In general, it will be an ISP 
(Internet Service Provider) used for dialup access.

Normally, complaints shoud be sent to addreses like abuse@domain.com 
or security@domain.com, but it should be a good idea to checkout the 
domain homepage to look for his 'Acceptable User Policy' and contact 
email addresses.

In most of the cases, the maximum you will get is to cancel the 
hacker dialup account, but he will think twice before trying to 
attack you again.

Regards,

o-----------------( Jose Carlos da Silva )-----------------o
| Administrador de Rede - WebMaster - jcds@brasmail.com.br |
| ALLNET! Provedor Internet       http://www.allnet.com.br |
| Brasmail Internet Services    http://www.brasmail.com.br |
| Central Brasileira de Listas        http://www.listas.nu |
| Sao Paulo - SP - Brasil             Fone: (011)3061-0088 |
o----------------------------------------------------------o


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990220181518.A7FF31183F>