hi alan where are you ???
if in silicon valley...
you can be back online within 1hr or so...
( assuming you have data-only backed up prior to the hacker getting
( into your box..
if the [h/cr]acker didnt "rm -rf /" your machine..you're still online..
- maybe just sniffing your passwds ???
- maybe using it to hack other boxes ??
- you need to see what its doing... and than prevent that from
happening on oyour next install
- if you think they used a simple/ordinary rootkits... you can
try some of the rootkit detectors
http://www.chkrootkit.org/
http://www.blackcode.com/scan
( scans your machine - or used to scan for rootkits/trojans )
otherwise..
http://www.Linux-Sec.net/Tracking
have fun
alvin
http://www.Linux-Sec.net/
On Thu, 10 Jan 2002, Alan Aldrich wrote:
>
> Not sure what all it did, but really played havoc with SSH and some other
> networking components and is keeping my aventail authentication server from
> honoring socks requests.
> Can someone help undo whatever it did or point me to a site that covers it? I
> need to get this server back online quick
> Thanks
> alan
>
>
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
pgpvon14GuSvt.pgp
Description: PGP signature
