
Somebody interested in doing some forensics on a Sarge-based machine?



Hi,

last week a server of the GnuMed project was hacked and a rootkit was
installed.  I'm not very skilled in doing forensics, but I guess there
might be some people here who are interested.  If you are interested in
investigating

    http://lists.gnu.org/archive/html/gnumed-devel/2004-11/msg00188.html

please contact me by private mail.

Kind regards

        Andreas.

---------- Forwarded message ----------
Date: Mon, 22 Nov 2004 18:51:20 +1100
From: Horst Herb <subscriptions@gnumed.net>
To: gnumed-devel@gnu.org
Subject: Re: URGENT - hherb.com hacked

On Mon, 22 Nov 2004 04:54, Andreas Tille wrote:
> If you are interested I could propagate this to Debian people who have
> some experience with intrusion detection.  This case is also interesting
> for Debian because I think hherb.com was running Sarge more or less and
> thus the case might be relevant for the Sarge release.

That would be great.
After moving everything to the new server, I am happy to grant root access for
anybody wanting to analyze for a week or so before we switch that server off.
(I have already secured a full tarball of the system the day after the
rootkit was probably installed for forensics)

Horst

