Hi everybody,

Somebody sniffed our local network! That automatically generated mail on our RH 6.1 server (posted earlier) was generated by linsniffer only. I found the same mail generated to another address, max_003_2000@yahoo.com, with the subject "F the rwetter". He replaced netstat, ifconfig, top and ps with some older versions created on Sep 26 1983. The thief is here, in /dev/ida/.inet:

    ls -l /dev/ida/.inet
    -rwx------ 1 root root 7165 Sep 26 1983 linsniffer*
    -rwx------ 1 root root 75 Sep 26 1983 logclear*
    -rw-r--r-- 1 root root 4 Jun 22 14:09 pid
    -rw-r--r-- 1 root root 701 Jun 13 16:53 s
    -rwxr-xr-x 1 root root 4060 Sep 26 1983 sense*
    -rwx------ 1 root root 8268 Sep 26 1983 sl2*
    -rw------- 1 root root 541 Sep 26 1983 ssh_host_key
    -rw------- 1 root root 512 Jun 22 14:09 ssh_random_seed
    -rwxr-xr-x 1 root root 686535 Dec 3 2000 sshdu*
    -rw-r--r-- 1 root root 936166 Jun 22 15:03 tcp.log

'tcp.log' is a list of usernames, passwords and some contents of outgoing mail. Mostly POP3 and FTP passwords are listed, which are used on other Windows clients. This file doesn't contain our dial-up account's password or the official website's.

How can I find more details, like who this sniffer is and when he entered our machine?

Anyway, I am very happy to learn about all these things. Thank you, linsniffer. As a layman, this is a good experience for me.

Waiting for more comments on security issues, hacking and cracking...

I got one article on linsniffer: http://www.linux4biz.net/articles/articlesniff.htm

Happy weekend, I will be back on Monday.

Regards,
Benoy
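
An added example, not part of the original post: a triage scan for the indicators in the listing above (a dot-directory under /dev, regular files where device nodes belong, and 1983 modification dates). It compares each file's mtime with its kernel-stamped ctime, which bears on the "when" question; the 1991 cutoff, the `scan` function and the `--dev` switch are assumptions of this sketch.

```python
import os
import stat
import sys
from datetime import datetime, timezone

# Assumption: no file on a Linux host legitimately predates 1991.
CUTOFF = datetime(1991, 1, 1, tzinfo=timezone.utc).timestamp()


def iso(ts):
    return datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def scan(root, cutoff=CUTOFF, expect_only_devices=False):
    """Return findings for paths under root that match the post's indicators."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow planted symlinks
            except OSError:
                continue  # vanished or unreadable; skip
            reasons = []
            if stat.S_ISDIR(st.st_mode) and name.startswith("."):
                reasons.append("hidden-dir")  # e.g. /dev/ida/.inet
            if stat.S_ISREG(st.st_mode):
                if expect_only_devices:
                    reasons.append("regular-file")  # /dev should hold device nodes
                # mtime can be set with utime(); ctime is stamped by the kernel,
                # so an ancient mtime with a recent ctime means the date was forged
                if st.st_mtime < cutoff <= st.st_ctime:
                    reasons.append("backdated")
            if reasons:
                findings.append({"path": path, "reasons": reasons,
                                 "mtime": iso(st.st_mtime), "ctime": iso(st.st_ctime)})
    return findings


if __name__ == "__main__":
    # Hypothetical invocation: python3 scan.py /dev --dev
    root = sys.argv[1] if len(sys.argv) > 1 else "/dev"
    for f in scan(root, expect_only_devices="--dev" in sys.argv[2:]):
        print(f["ctime"], ",".join(f["reasons"]), f["path"], "(mtime %s)" % f["mtime"])
```

The ctime printed for a backdated file is the last time its inode changed, so the file was in place no later than that moment. An intruder with root can also shift the system clock, so treat ctime as a lead to cross-check against logs and run the scan from trusted media, since ps, netstat and similar tools on the host were replaced.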