
| Subject: | Re: Did I get hacked? |
|---|---|
| Date: | Tue, 13 Feb 2007 17:11:23 -0800 |

On Sunday 11 February 2007 11:43, Grant wrote:

> The entire contents of my /home/grant/vmware folder have suddenly disappeared. I haven't noticed anything else strange yet. I did configure and start shorewall for the first time yesterday instead of using a few iptables commands from the Gentoo Home Router Guide, and I'm running PenguinTV (a video RSS aggregator with an ebuild in bugs.gentoo.org) and transmission (a bittorrent client in portage) for the first time. My shorewall config is here: http://archives.gentoo.org/gentoo-user/msg_108375.xml
>
> What should I do next?
>
> - Grant

Not nearly enough info for anyone to make a call on whether you got hacked. You might bear in mind that 99% of the time, this sort of thing is the result of an accidental 'rm'. What you should probably do next is look at your shell history file to see if that might be the case. If nothing turns up, check your system logs, etc.

Consider this as a good reason to run some sort of host intrusion detection system. You might even consider writing a rudimentary HIDS yourself. Doing the research required to do anything like a good job of it will teach you a lot about what to look for in the future.

No offense meant, but you won't get far into a project like that before you realize that you haven't given anyone *nearly* enough information to answer the question, "Did I get hacked?" Someone with the *exact* same system configuration might be able to answer your question (most probably if they've been hacked, and can prove it) but that's pretty unlikely. Gentoo isn't that popular (nothing against it, for you Gentoo folk, but it really does have minor market share compared to, say, Ubuntu, Debian, Fedora, or RH).

So you're asking a very generic question, usually immediately assignable to operator error, about a somewhat specialized distro, with a very specific loadout. I wish you well, but that's going to be a tough question to get a good answer to.

OTOH, maybe a few Gentoo aficionados will be pissed at my response, research the problem within an inch of its life, and come up with an immediate answer, just to prove me wrong. That would fix you up nicely, and I hope it happens. I'm just a bit doubtful.