> I think our Linux machine was hacked. I checked the message log, and
> found a mysterious RPC connection from 210.114.231.130, after that
Almost certainly the portmap attack
> Any people for suggestion and comment? I still don't know how this guy
> first access into our system. We have strict account adminstration. Where can
> I find more about Linux security? Thanks in advance.
Most likely via a bug in a system service, especially if you dont have
ones you dont use disabled/firewalled. You will find a list of errata for
almost all the distributions on their web site, as well as notification mail
lists.
Alan
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
