On Fri, 3 Dec 1999 15:45:14 -0600 (CST), Simon Epsteyn wrote:

>On Fri, 3 Dec 1999, Chris Worth wrote:
>
>> OK, just before I left on Thanksgiving holiday, I learned that my rh6.1
>> box had been compromised.  No loss of data to speak of. It is really
>> just a learning box.  At any rate, I was able to ftp the messages file
>> off.  Here is a chunk of it.
>
>How did you learn this? What makes you think that you got cracked?
>

The admin guy from down the hall skipped over and said "I got email from a guy in
Japan that said your machine was being used to attack one of his". He'd gotten a
message addressed to sysadmin at our domain.  Soooo....
I then turned the monitor on my Linux box. I tried to log in.  Hmmm... interesting, I
was unable to log in on any account.  FTP was working, but all other services were hosed.


>You do install security patches as they come out, right?
>

Ummm no.  But to point out that I'm not a complete bumbler, this box only had some
website stuff on it.  I'm in the process of learning this whole Linux thing.  I will
also point out that I'm totally rehabilitated now.  I was in the process of getting
portsentry etc. up and running.  I just got whacked before I could do it.

chris



>> Nov 18 00:15:49 flowman2 in.telnetd[20074]: connect from 207.139.76.99
>> Nov 18 00:55:25 flowman2 in.telnetd[20128]: connect from 207.139.76.99
>
>Btw, 207.139.76.0 - 207.139.76.255 is owned by:
>Planete Virtuelle (Virtual Planet) (NETBLK-V-PLANET-NET) V-PLANET-NET
>
>/Simon
>
>


