Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
-
Linux Server hacked - how to trace back?
This gets a little touchy, if this guy/gal is good then they are going through mutiple boxes to get to you. If they are going through a proxy box then see if it is runing wingate or other telnet proxy software. You need to see what the log files from the hijacked box are to see the connected...- happytom
- Post #2
- Forum: Security, hacker detection & forensics
-
Being scanned on a wide range of ports....
Sapient2003 is right, if this is a spoofed IP then the attacker will never know what is happening since the spoofed ip is not his ip. What you will want to do is take a log of what is happening and see where it is comming from. Do a WhoIs on the addresses and find out if they belong to a...- happytom
- Post #4
- Forum: Security, hacker detection & forensics
-
help me trace net activity
If you want to see the programs that are useing ports then look at the eathereal logs then run fport.exe. Fport.exe will look at your open ports and then map the program that is running on that port. Fport is free and takes only a secound, run it from a command prompt...- happytom
- Post #8
- Forum: Security, hacker detection & forensics
-
Help! Mail server has been compromised...
I had the same problem, I called my ISP and they turned off port 25 off and I had to use thier smtp gateway for sending mail. If that is the case then you can forwared your mail to thier smtp server. If that is not the case then you need to see if port 25 is open and running. Here are some...- happytom
- Post #6
- Forum: Security, hacker detection & forensics
