Hi,
This morning I found out that the gateway (running Red Hat Linux 5.0 with
10.0.0.X and 12.9.165.X) had been hacked. In /etc/passwd, there are
two new accounts, created for Malk and Malk2 respectively, and their home
directory was /tmp. Also, in /etc/inetd.conf, the following two lines
are repeated again at the bottom of the file:
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
Are there any tools I can use to check if someone is cracking root's
password? Also, I want to know whether the intruder was inside my local
network or far away on the Internet, since I have installed an IP packet
filter on the other gateway! Any sniffer recommended?
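
The two changes described in the message above (accounts whose home directory is /tmp, and service lines repeated in /etc/inetd.conf) can be checked for with a short script. This is an added example, not part of the original message; the function names, the extra UID 0 check, and the sample files (including the `toor` entry and all UIDs) are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for the two changes described in the post.
# Files are passed as arguments so copies taken off the host can be examined.

# Accounts whose home is a world-writable temp directory, or non-root UID 0.
suspicious_accounts() {
    awk -F: '
        { home = $6 "/" }
        home ~ /^\/(tmp|var\/tmp)\// { print $1 " home=" $6 }
        $3 == 0 && $1 != "root"      { print $1 " uid=0" }
    ' "$1"
}

# Active (uncommented) inetd services defined more than once, keyed on
# service/protocol, with the line number of every definition.
duplicate_inetd_services() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        { k = $1 "/" $3; n[k]++; at[k] = at[k] (at[k] ? "," : "") NR }
        END { for (k in n) if (n[k] > 1) print k " lines=" at[k] }
    ' "$1" | sort
}

# Constructed sample files modelled on the post (UIDs and "toor" are made up).
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
cat > "$SAMPLES/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ftp:x:14:50:FTP User:/home/ftp:
alice:x:500:500::/home/alice:/bin/bash
Malk:x:501:501::/tmp:/bin/bash
Malk2:x:502:502::/tmp:/bin/bash
toor:x:0:0::/root:/bin/bash
EOF
cat > "$SAMPLES/inetd.conf" <<'EOF'
# constructed inetd.conf
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
#shell stream tcp nowait root /usr/sbin/tcpd in.rshd
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
EOF

echo "== suspicious accounts ==";  suspicious_accounts "$SAMPLES/passwd"
echo "== duplicated services ==";  duplicate_inetd_services "$SAMPLES/inetd.conf"
```

On a host that is already suspected of compromise, run the checks against copies of the files from a trusted system, since the local tools themselves may have been replaced.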