Any time you know a box is cracked, you should:
pull the box off the network,
save any data,
save a full copy of the box for digital forensics,
reformat disk drives and
fresh install to remove any possible back doors the
cracker installed.
Could go here to get an ipchains firewall script.
http://linux-firewall-tools.com/linux/firewall/index.html
You might want to read Armoring Linux
http://www.enteract.com/~lspitz/linux.html
and http://www.securityportal.com/lskb/articles/
and http://www.securityportal.com/lasg/
and http://www.cert.org/advisories/
Check on the vendor site for security updates to your distro.
On Mon, 18 Sep 2000 07:28:30 -0700, Rafael
>Hello!
>I know what happened. My computer was attacked. Files like login, ls,
>portmap and ps were substituted by scripts. The real files were found in a
>folder created by the intruder.
>Can I follow who it was, or more precisely, where it was from? I am not
>interested in finding the intruder, but I would like to know where he is
>located. If he is dangerous.
>What should I do? I work as a Network Administrator and from this computer
>(home) I was logged in to work servers. I do not want the cracker to find
>my password on these servers.
>What shall I do now?
--
The warranty and liability expired as you read this message.
If the above breaks your system, it's yours and you keep both pieces.
Practice safe computing. Backup the file before you change it.
Do a, man command_here or cat command_here, before using it.
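
Added example, not part of the original message: a check for the symptom reported above (login, ls, portmap and ps replaced by scripts), meant to be run from a trusted system against the saved forensic copy rather than on the cracked box. The mount point argument and the function names are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: flag core commands that are scripts instead of ELF binaries.
# ROOT is the mount point of the saved disk copy (assumption), mounted
# read-only on a trusted machine; the cracked box's own ls/ps cannot be trusted.

# Print "elf", "script" or "other" based on the file's leading magic bytes.
classify_binary() {
    magic=$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        7f454c46) echo elf ;;      # 0x7f 'E' 'L' 'F'
        2321*)    echo script ;;   # '#!' interpreter line
        *)        echo other ;;
    esac
}

# Check the commands named in the report under ROOT's usual binary directories.
# Prints one line per suspect file; returns 1 if any were found, 0 otherwise.
scan_core_binaries() {
    root=$1
    found=0
    for name in login ls portmap ps; do
        for dir in bin sbin usr/bin usr/sbin; do
            f="$root/$dir/$name"
            [ -f "$f" ] || continue
            kind=$(classify_binary "$f")
            if [ "$kind" != elf ]; then
                echo "SUSPECT $f ($kind)"
                found=1
            fi
        done
    done
    return $found
}

# Usage: sh check_core.sh /mnt/evidence
[ $# -eq 0 ] || scan_core_binaries "$1"
```

An "elf" result does not clear a file, since a replacement can itself be a compiled binary; compare against checksums from the vendor's packages as well.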