Investigating an intrusion with fake logs
- 
 @Bob-Dig I am curious too about these fake logs. 
- 
 @michmoor 
 @Bob-Dig The live IP in action (in double terminated brackets above) was changed to the AT&T IP address when I rebooted my system as a precaution. Same date/time and sniffed packet violations. My assumption is this is standard operating procedure using a VPN, something I would consider doing if I was a felonious hacker probing matt oliver's computer do because only a moron hacks from a compromised system, which is inevitable as well as the result of this malicious maneuver of a peon apparently looking for a needle in a haystack, whether it be crypto (no interest), or a hot file to sell to a da to escape his next court case presumably also (a rat). 
- 
 @myfamilydeservesbetter said in Investigating an intrusion with fake logs:
 @michmoor 
 @Bob-Dig The live IP in action (in double terminated brackets above) was changed to the AT&T IP address when I rebooted my system as a precaution. Same date/time and sniffed packet violations. My assumption is this is standard operating procedure using a VPN, something I would consider doing if I was a felonious hacker probing matt oliver's computer do because only a moron hacks from a compromised system, which is inevitable as well as the result of this malicious maneuver of a peon apparently looking for a needle in a haystack, whether it be crypto (no interest), or a hot file to sell to a da to escape his next court case presumably also (a rat).
 Yet, you have not answered the question... what fake log? Show us, will you? 
- 
 and +1 from me. 
 See my foot note, just below, for further explanation.
- 
 @Gertjan if you have nothing to contribute, then gtfo my thread BITCH. 
- 
 @myfamilydeservesbetter cmon dude…. 
- 
 @myfamilydeservesbetter said in Investigating an intrusion with fake logs: 
 @Gertjan if you have nothing to contribute, then gtfo my thread BITCH.
 Well I think he was asking you to contribute the logs, which seems perfectly valid. 
 @myfamilydeservesbetter 
 Btw: You are now only 1 more rude post from ending on my forum blocklist.
 /Bingo 
- 
 @myfamilydeservesbetter said in Investigating an intrusion with fake logs:
 if you have nothing to contribute
 I have, and I'm going to. 
 This: "intrusion with fake logs" is serious. 
 Yet, all I have is these four words.
 I presume you saw the logs.
 If possible, remove private items, share them, post them here.
 The logs, not always well understood, are there to indicate what happened with the system, with a time stamp, and as such are a very important analysis tool. If a system got breached, someone not authorized logs in, the very first thing he would do is modify the logs to wipe out his "visits". 
 Like: breaking into a store, and removing the videos of all the security cameras first.
 Also: sharing log examples on the forum will help others to recognize situations.
 @bingo600 said in Investigating an intrusion with fake logs:
 1 more rude post
 I didn't mean to be rude, as such behavior doesn't contribute to "finding answers". My way of motivating people to share as much info as possible is/was maybe somewhat harsh. 
 You are, of course, totally free to interpret my words.
 I was just asking for the logs .... because the subject of this thread is about logs.
- 
 I didn't mean you were rude (sorry) .. You just wanted to be helpful. I surely meant OP.
 /Bingo 
- 
 @myfamilydeservesbetter said in Investigating an intrusion with fake logs:
 @Gertjan if you have nothing to contribute, then gtfo my thread BITCH.
 This tone and language is most certainly uncalled for. As the moderator for this sub-forum, consider this your first warning. Please tone down the rhetoric. 
- 
 Yup that^. Keep it civil please. I will add that if you're running Snort on WAN you're going to see a lot of hits. Generally unless you are forwarding traffic to internal services they are not really useful. Steve 





