> one of my co-workers, who insists on admining his own box, and keeping it > out on the internet connection, and not behind my firewall got sploited > recently.. looks like the t0rn rootkit was used.. has anyone else had any > kids in their boxes recently? any luck tracking them? > I'm on a DSL line at home, and my box gets probed on average twice a *day*. The best you can usually do is try and find out who owns the IP address (which can be something of a black art in itself) and complain to their ISP -- nine times out of ten it turns out just to be somebody *else's* cracked home server or DSL-connected PC. It seems like it's gotten a lot harder today to track these guys. For a while I had a nearly perfect kill ratio, but lately it seems like nearly every probe is either nigh-untraceable, or turns out to be coming from some squid-hatching concern in Korea. --------------------------------------------------------------------- To unsubscribe, e-mail: tclug-list-unsubscribe at mn-linux.org For additional commands, e-mail: tclug-list-help at mn-linux.org