Re: Visited by a cracker
From: Alan Hicks (alan_at_lizella.net)
Date: 07/14/04
- Previous message: Anthony R. Plastino III: "Re: Visited by a cracker"
- In reply to: Arthur Chan: "Re: Visited by a cracker"
- Next in thread: abe: "Certifying a RedHat Install"
- Reply: abe: "Certifying a RedHat Install"
- Reply: Mario Ohnewald: "Re: Visited by a cracker"
Date: Tue, 13 Jul 2004 18:45:51 -0400
To: Arthur Chan <axc@andrew.cmu.edu>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Jul 13, 2004, at 11:20 AM, Arthur Chan wrote:
> Is it at all possible that the cracker tampered with his .bash_history and
> left it there to fool you?
Anything's possible when a cracker's involved, but I wouldn't think
this is a likely scenario. A good cracker wouldn't have left it so that
top or ps would show his processes (like the strace), and thus likely
wouldn't have left the .bash_history around either.
If you really want to be paranoid you can wonder if the "break-in" was
actually performed by some third party who hopes you will suspect this
user and not him, but realistically this just doesn't happen.
- --
It is better to hear the rebuke of the wise,
Than for a man to hear the song of fools.
Ecclesiastes 7:5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (Darwin)
iD8DBQFA9GYflKR45I6cfKARAkWYAJ0fJhHRhdRo0AzuARsfGgW2V5hEsACfYIIA
ee3WZ0j+3+JVHn8FHTyHbBI=
=1wIw
-----END PGP SIGNATURE-----