security
Frank J. Carmickle
frankiec at braille.uwo.ca
Mon Oct 30 10:11:58 EST 2000
This is very true. Shawn calls me up at 12:00 am saying that sshd is
running but he can't get any connections on port 22. Tcpdump on port 22
revealed some trafic. Searching through inetd revealed some crazy service
called smbd2 which spauned a shell as root. This all happened after the
machine misteriously rebooted.
Fun!
FC
On Mon, 30 Oct 2000, Kirk Wood wrote:
> You should look for any connections from IP addresses you don't
> recognize. While this would be harder for a production system, on a home
> system it shouldn't be too tough. I would pay particular attention to ftp
> connections (if you have the service available.
>
> As for everything you can look for, that fills books and employs
> profesionals all with their own opinion. And just so you know, if you have
> a full time connection and find one day you can't log into your own
> machine. Turn it off. I have a friend who thought somethign had just gone
> wrong and needed fixed. Turns out his system had been compromised. If in
> doubt shut down and remove it from the net.
>
> =======
> Kirk Wood
> Cpt.Kirk at 1tree.net
>
>
>
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>
More information about the Speakup
mailing list