LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 04-18-2005, 09:51 AM   #1
stabu
Member
 
Registered: Mar 2004
Location: dublin IRL
Distribution: Slackv12.1, Slamd64v12.1,Xubuntu v8.10_64, FC8_64
Posts: 438
Blog Entries: 5

Rep: Reputation: 32
I'm pointed to as culprit


I have a friend (of a friend) who administering a dedicated RH server we contracted from an ISP. In the beginning I was given a user ID and password, but I never used it, I went through the administrator always.

A month or two later the administrator seems to have suffered an intrusion, and feels that it is me, principally because the intrusion comes from the same range of IP addresses I typically use (my ISP gives me a dynamic IP address) and that I have a password.

This is all I know. Is it reasonable to link my knowledge of the password and the IP together and accuse of intrusion? Does he have a point?

I've seen no fishy business on my own machines, so it's all highly odd. But what can I say in my defence? Can the IP evidence be called coincidence?
 
Old 04-18-2005, 11:24 AM   #2
masand
Guru
 
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522

Rep: Reputation: 58
hi there

he must be having some logs wiht him and u might be haivng some on you machine
u can check both of them and see of they are not the same

first se what is the time of intrusion that he claims
then u can check whether u were online at that time from ur machine or u were on that machine

regards
 
Old 04-18-2005, 12:18 PM   #3
gbhil
Member
 
Registered: Jan 2005
Location: /dev/input/chair0
Distribution: Slackware, Gentoo, Vector, Roll-your-own-with-GNU binutils
Posts: 174

Rep: Reputation: 30
If you didn't do it, tell him to fluck himself and not worry about it.
Without the proper logs (or the ability to READ the proper logs) he is just speculating. Ask him to prove it, or stfu about it.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Document pointed by LQ to newbies won't load bruno buys LQ Suggestions & Feedback 1 08-09-2004 01:09 AM
is samba the culprit? bahadur Linux - Enterprise 1 06-24-2004 10:08 PM
I could really use some help or to be pointed where I could get some help. jmrkellers Linux - Networking 1 03-31-2004 03:28 AM
securing a linux box...how 2 trace the hacking culprit fhameed Linux - Security 15 01-22-2004 07:47 PM
who is the culprit? (traceroute problem) domeili Linux - Networking 1 11-12-2003 10:44 AM


All times are GMT -5. The time now is 10:00 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration