disconnect from net. format everything. reinstall. secure. connect to net. Tracking a kiddie is horribly difficult, most have at least 1 host in between whoever they are attacking. since he used a root kit, he *may* have not been as retarded as most. if he left the logs, id highly suggest looking through them, and keep on the lookout for the ip. Justin Cook ----- Original Message ----- From: Ben Kochie <ben at nerp.net> To: <tclug-list at mn-linux.org> Sent: Monday, September 18, 2000 2:42 PM Subject: [TCLUG:21399] script kiddies... > one of my co-workers, who insists on admining his own box, and keeping it > out on the internet connection, and not behind my firewall got sploited > recently.. looks like the t0rn rootkit was used.. has anyone else had any > kids in their boxes recently? any luck tracking them? > > Thank You, > Ben Kochie (ben at nerp.net) > > *-----------------------* [ - * - * - * - * - * - * - * - ] > | Unix/Linux Consulting | [ Haiku Error Message: ] > | PC/Mac Repair | [ Chaos reigns within. ] > | Networking | [ Reflect, repent, and reboot. ] > | http://nerp.net | [ Order shall return. ] > *-----------------------* [ - * - * - * - * - * - * - * - ] > > "Unix is user friendly, Its just picky about its friends." > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: tclug-list-unsubscribe at mn-linux.org > For additional commands, e-mail: tclug-list-help at mn-linux.org --------------------------------------------------------------------- To unsubscribe, e-mail: tclug-list-unsubscribe at mn-linux.org For additional commands, e-mail: tclug-list-help at mn-linux.org