Renistall the whole system from scratch and remove ssh1 from the system,
update to the most current ssh2 daemon client sourceballs and fell lucky
to have learned a lesson.
Nothing short of a total reinstall from scratch will suffice at this
point.
Thanks,
Ron DuFresne
On Tue, 19 Mar 2002, Matthew Carpenter wrote:
> We are using a Netmax Firewall (3.1). We were hacked and it appears that the
> hacker has placed a script that runs now on the server that tries to hit
> random IP addresses, looking for SSH access. We have verified that the
> hacker can not get in again (we hope), and that this SSH traffic can not as
> well, but the script still runs. Unfortunately we do not have a checksum to
> verify what files were changed, and have looked at t0rn to make sure that is
> not the kit used. Does anyone have any suggestions on where to look to try
> to rectify this?
>
>
>
> Matthew Carpenter, MCP, CNA, A+
> Network Engineer and Exchange Administrator
> SARMA
> 1801 Broadway
> San Antonio, TX 78215
>
>
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
