what to do when you've been rooted
Andru Luvisi
luvisi at andru.sonoma.edu
Sat Jan 20 22:15:15 PST 2001
On Sat, 20 Jan 2001, Bob Blick wrote:
[snip]
> My machine, however, was abused for the last three days. They did not use
> Ramen to gain access, and definitely put in a kit of some sort, /var/log is
> empty and acts like a link to /dev/null, and root has installed and been
> running BitchX(certainly not me). I think that machine gets a fresh install.
[snip]
If they are irc users, sniff their irc session. You'll find out how they
operate, who their friends are, and if they use any nick and channel
registration services, their passwords to them. I am not a lawyer, and
this is not legal advice. I heard from a federal prosecutor, at defcon
last year, that it is legal to monitor any communications on your own
system so long as the user is not a legitimate user to whome you have
given an expectation of privacy.
Attacking their system is not legal, but I can't imagine anyone getting
mad at you for a little irc fun...
Andru
--
Andru Luvisi, Programmer/Analyst
Quote Of The Moment:
I'm not normal. I know it. I don't care!
- Ace Of Base
More information about the talk
mailing list