compromised network

From: Dana Rawson (absolutezero273c_at_nzoomail.com)
Date: 12/26/03

  • Next message: jamesworld_at_intelligencia.com: "Re: Firewall Hardware Recommendations" 
    Date: 26 Dec 2003 19:21:45 -0000
To: security-basics@securityfocus.com
    ('binary' encoding is not supported, stored as-is)

    Not sure where to start except by saying that my servers and router were compromised. Have locked down both servers and routers (at least I have attempted to do so) but what is the best way to verify that there is nothing rogue left active on the servers? Also, is there any legal action I should take (i.e. Do I alert any authorities)? It appears that my network was targeted by a server in california and individuals from Australia, Netherlands and the US were connecting using it as an ftp server. Was actually named "Revenge Server".

    I just installed Ethereal and am currently capturing packets but am not really sure how to read this or if there is any easier way to monitor all things. ...And to actually know how to read it.

    Will I be able to retrieve ip addresses from packets to match activity on my syslog and identify rogue traffic?

    This is all new to me so I apologize if my questions don't make sense or my approach is illogical.

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

  • Next message: jamesworld_at_intelligencia.com: "Re: Firewall Hardware Recommendations"