On Sat, 2005-11-12 at 00:18 -0500, Paul Greene wrote:

> Based on these symptoms, can anyone tell me what happened? In
> particular, for education's sake, can anyone tell what the specific
> exploit that was used in this case,

Nope, because there really isn't enough information to even hazard a
guess. Accessing sites in Poland and Russia doesn't really narrow down
the attack!

>  and possibly a reference where I can 
> go analyze further what happened?

Have you identified all of the current executables running on the
system, have you checked for signs of a rootkit? This would be the next
step if you want to know what was going on.

Until you get some sort of evidence of whatever it is that's going on,
anything here would just be guesswork. Without even the URLs being
accessed we have very little to go on.

-- 
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

"He who hingeth aboot, geteth hee-haw" Victor - Still Game

blog:  http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca:    https://www.cacert.org/index.php?id=3
