Netgate Discussion Forum

    Investigating an intrusion with fake logs

    Category: IDS/IPS
    14 Posts, 8 Posters, 1.4k Views
    • NollipfSenseN
      NollipfSense @myfamilydeservesbetter
      last edited by NollipfSense

      @myfamilydeservesbetter said in Investigating an intrusion with fake logs:

      Forcing a reload, which is a felony.

      Not at all; from a network administrator's perspective, it quickly allows change implementation.

      Remember, the NIC sees the traffic before the firewall does, which will block that traffic since no source from LAN originated it.

      pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
      pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

      • Bob.DigB
        Bob.Dig LAYER 8
        last edited by

        What fake logs?

        • M
          michmoor LAYER 8 Rebel Alliance @Bob.Dig
          last edited by

          @Bob-Dig I am curious too about these fake logs.

          Firewall: NetGate,Palo Alto-VM,Juniper SRX
          Routing: Juniper, Arista, Cisco
          Switching: Juniper, Arista, Cisco
          Wireless: Unifi, Aruba IAP
          JNCIP,CCNP Enterprise

          • myfamilydeservesbetterM
            myfamilydeservesbetter @michmoor
            last edited by

            @michmoor
            @Bob-Dig

            The live IP in action (in double terminated brackets above) was changed to the AT&T IP address when I rebooted my system as a precaution.

            Same date/time and sniffed packet violations.

            My assumption is this is standard operating procedure using a VPN, something I would consider doing if I was a felonious hacker probing matt oliver's computer, because only a moron hacks from a compromised system, which is inevitable as well as the result of this malicious maneuver of a peon apparently looking for a needle in a haystack, whether it be crypto (no interest), or a hot file to sell to a DA to escape his next court case, presumably also (a rat).

            • NollipfSenseN
              NollipfSense @myfamilydeservesbetter
              last edited by

              @myfamilydeservesbetter said in Investigating an intrusion with fake logs:

              @michmoor
              @Bob-Dig

              The live IP in action (in double terminated brackets above) was changed to the AT&T IP address when I rebooted my system as a precaution.

              Same date/time and sniffed packet violations.

              My assumption is this is standard operating procedure using a VPN, something I would consider doing if I was a felonious hacker probing matt oliver's computer, because only a moron hacks from a compromised system, which is inevitable as well as the result of this malicious maneuver of a peon apparently looking for a needle in a haystack, whether it be crypto (no interest), or a hot file to sell to a DA to escape his next court case, presumably also (a rat).

              Yet, you have not answered the question... what fake log? Show us, will you?


              • GertjanG
                Gertjan @NollipfSense
                last edited by

                @NollipfSense

                and +1 from me.
                See my footnote, just below, for further explanation.

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                • myfamilydeservesbetterM
                  myfamilydeservesbetter @Gertjan
                  last edited by

                  @Gertjan if you have nothing to contribute, then gtfo my thread BITCH.

                  • M
                    michmoor LAYER 8 Rebel Alliance @myfamilydeservesbetter
                    last edited by

                    @myfamilydeservesbetter c'mon dude...


                    • bingo600B
                      bingo600 @myfamilydeservesbetter
                      last edited by bingo600

                      @myfamilydeservesbetter said in Investigating an intrusion with fake logs:
                      @Gertjan if you have nothing to contribute, then gtfo my thread BITCH.

                      Well I think he was asking you to contribute the logs, which seems perfectly valid.

                      @myfamilydeservesbetter
                      Btw: You are now only 1 more rude post from ending on my forum blocklist.

                      /Bingo

                      If you find my answer useful - Please give the post a 👍 - "thumbs up"

                      pfSense+ 23.05.1 (ZFS)

                      QOTOM-Q355G4 Quad Lan.
                      CPU : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
                      LAN : 4 x Intel 211, Disk : 240G SAMSUNG MZ7L3240HCHQ SSD

                      • GertjanG
                        Gertjan @myfamilydeservesbetter
                        last edited by

                        @myfamilydeservesbetter said in Investigating an intrusion with fake logs:

                        if you have nothing to contribute

                        I have, and I'm going to.
                        This :

                        intrusion with fake logs

                        is serious.
                        Yet, all I have is these four words.
                        I presume you saw the logs.
                        If possible, remove private items, then share them: post them here.

                        The logs, not always well understood, are there to indicate what happened with the system, with a time stamp, and as such are a very important analysis tool.

                        If a system got breached and someone not authorized logs in, the very first thing he would do is modify the logs to wipe out his "visits".
                        Like breaking into a store and removing the videos of all the security cameras first.

                        Also: sharing log examples on the forum will help others to recognize situations.

                        @bingo600 said in Investigating an intrusion with fake logs:

                        1 more rude post

                        I didn't mean to be rude, as such behavior doesn't contribute to "finding answers". My way of motivating people to share as much info as possible is/was maybe somewhat harsh.
                        You are, of course, totally free to interpret my words.
                        I was just asking for the logs... because the subject of this thread is about logs.


                        • bingo600B
                          bingo600 @Gertjan
                          last edited by

                          @Gertjan

                          I didn't mean you were rude (sorry).. You just wanted to be helpful.

                          I surely meant OP

                          /Bingo


                          • bmeeksB
                            bmeeks @myfamilydeservesbetter
                            last edited by bmeeks

                            @myfamilydeservesbetter said in Investigating an intrusion with fake logs:

                            @Gertjan if you have nothing to contribute, then gtfo my thread BITCH.

                            This tone and language are most certainly uncalled for. As the moderator for this sub-forum, consider this your first warning. Please tone down the rhetoric.

                            • stephenw10S
                              stephenw10 Netgate Administrator
                              last edited by

                              Yup, that ^. Keep it civil please.

                              I will add that if you're running Snort on WAN, you're going to see a lot of hits. Generally, unless you are forwarding traffic to internal services, they are not really useful.

                              Steve

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.