Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Investigating Hacker, Worm, or Backdoor

Reply
Thread Tools

Investigating Hacker, Worm, or Backdoor

 
 
dougga
Guest
Posts: n/a
 
      11-08-2004
I've been investigating a strange lease on one of my DHCP servers thatshould
not be there for any legitimate reason.
The DHCP server is embedded within my firewall: Astaro Security Linux v5
which I've felt is a robust and secure system. I'm puzzled about what I'm
seeing here, though.

Here are the logs from the server:
2004:11:01-12:46:32 (none) dhcpd: DHCPDISCOVER from 4d:c8:43:bb:8b:a6 via
eth0
2004:11:01-12:46:33 (none) dhcpd: DHCPOFFER on 10.1.255.254 to
4d:c8:43:bb:8b:a6 (detective)

In my investigation I've run into several people throughout the world who
have seen this exact MAC address and many reports of this same host name,
"detective".**I'm beginning to suspect a hacker, a backdoor on the
firewall, a worm of some kind, or a Microsoft security "feature". No way
to tell.

Here are links to some of the folks who have reported similar findings:
http://archives.neohapsis.com/archiv...4-06/1581.html
http://www.ixus.net/resume_messages.php?topic=13792 [in French]
http://www.experts-exchange.com/Netw..._21070857.html

If you have access to your company's dhcp server, you might take a quick
look at the logs.**

Here's my network setup:
Astaro Security Linux (Firewall) (3 interfaces: wireless, internal &
external)
SuSE Linux 9.1 Server
SuSE Linux 9.1 Workstation
Windows Server 2003 Test Server (now running "for small Business" package)
Windows XP/SuSE Linux 9.1 Workstation

Can anyone help shed some light on this?

Much thanks for any help

D
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Investigating whether I need to use a auto_ptr Pep C++ 14 11-17-2006 08:44 AM
MICROSOFT Investigating New IE Flaw Au79 Computer Support 0 10-02-2005 04:25 PM
MICROSOFT Investigating High-Risk IE Flaw Au79 Computer Support 0 09-03-2005 09:09 PM
investigating/understanding CPU on 4006 units DigitalVinyl Cisco 0 07-18-2005 03:34 PM
Investigating Users on Computer with XP Gunjani Computer Support 5 01-05-2004 08:30 PM



Advertisments