Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 04-18-2005, 08:51 AM   #1
Registered: Mar 2004
Location: dublin IRL
Distribution: Slackv12.1, Slamd64v12.1,Xubuntu v8.10_64, FC8_64
Posts: 438
Blog Entries: 5

Rep: Reputation: 32
I'm pointed to as culprit

I have a friend (of a friend) who administering a dedicated RH server we contracted from an ISP. In the beginning I was given a user ID and password, but I never used it, I went through the administrator always.

A month or two later the administrator seems to have suffered an intrusion, and feels that it is me, principally because the intrusion comes from the same range of IP addresses I typically use (my ISP gives me a dynamic IP address) and that I have a password.

This is all I know. Is it reasonable to link my knowledge of the password and the IP together and accuse of intrusion? Does he have a point?

I've seen no fishy business on my own machines, so it's all highly odd. But what can I say in my defence? Can the IP evidence be called coincidence?
Old 04-18-2005, 10:24 AM   #2
LQ Guru
Registered: May 2003
Location: INDIA
Distribution: Ubuntu, Solaris,CentOS
Posts: 5,522

Rep: Reputation: 58
hi there

he must be having some logs wiht him and u might be haivng some on you machine
u can check both of them and see of they are not the same

first se what is the time of intrusion that he claims
then u can check whether u were online at that time from ur machine or u were on that machine

Old 04-18-2005, 11:18 AM   #3
Registered: Jan 2005
Location: /dev/input/chair0
Distribution: Slackware, Gentoo, Vector, Roll-your-own-with-GNU binutils
Posts: 174

Rep: Reputation: 30
If you didn't do it, tell him to fluck himself and not worry about it.
Without the proper logs (or the ability to READ the proper logs) he is just speculating. Ask him to prove it, or stfu about it.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Document pointed by LQ to newbies won't load bruno buys LQ Suggestions & Feedback 1 08-09-2004 12:09 AM
is samba the culprit? bahadur Linux - Enterprise 1 06-24-2004 09:08 PM
I could really use some help or to be pointed where I could get some help. jmrkellers Linux - Networking 1 03-31-2004 02:28 AM
securing a linux 2 trace the hacking culprit fhameed Linux - Security 15 01-22-2004 06:47 PM
who is the culprit? (traceroute problem) domeili Linux - Networking 1 11-12-2003 09:44 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:13 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration