Yesterday, at 08:20, Ashwin Kutty sent through the Star Gate:

>
>If this is the third time, you might want to look into the security of
>your system as well; not to mention think of a honey pot in case you are
>being singled out by someone for some reason..

This doesn't appear to be a personal attack.  He picked the box I ran only DNS
on, and the one I *never* check up on.  Seems he built a nest there and used it
to probe other machines.  That's how I was alerted to the problem - I received
numerous emails from network security people last week complaining that someone
on my system was doing systematic probes on their boxes trying to find security
holes.  I had no users on that computer except root and myself.  I found a user
I didn't recognize with uid 47, and /var/log/messages had gaps in it, and showed
probes being sent out.  The mail queue had several letters in it from root
addressed to the presumed guilty party that contained my system information.

I can't prove it, but I think he got in through bind.  I didn't have trouble on 
the leased server until I started running my own DNS.  And he was easily able to 
hack into the local box in question even with an upgrade from 6.1 to 6.2, both 
of which contained older versions of bind.

Glen





_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
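An added example, not part of the original post: a minimal offline check for the two indicators described above, an account nobody recognizes in the passwd file and gaps in /var/log/messages. The sample data, the known-good account baseline, the one-hour threshold and the year (classic syslog timestamps carry none) are all assumptions. An intruder with root can edit both files, so run it against copies read from trusted media.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the poster's system).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
named:x:25:25:Named:/var/named:/bin/false
glen:x:500:500::/home/glen:/bin/bash
adm1n:x:47:47::/tmp/.x:/bin/bash
"""
BASELINE = {"root", "named", "glen"}  # assumed known-good account names
MESSAGES = """\
Nov  3 04:02:11 ns1 named[412]: Cleaned cache of 12 RRs
Nov  3 04:22:14 ns1 named[412]: Cleaned cache of 4 RRs
Nov  3 09:47:52 ns1 named[412]: Cleaned cache of 9 RRs
Nov  3 09:41:03 ns1 login: ROOT LOGIN ON tty1
""".splitlines()

def unexpected_accounts(passwd_text, baseline):
    """Return (name, uid, shell) for passwd entries missing from the baseline."""
    found = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # blank or malformed line
        if fields[0] not in baseline:
            found.append((fields[0], int(fields[2]), fields[6]))
    return found

def log_gaps(lines, max_gap=timedelta(hours=1), year=2000):
    """Return (prev_line_no, line_no, delta) wherever consecutive timestamps
    are further apart than max_gap or run backwards."""
    findings, prev = [], None
    for no, line in enumerate(lines, 1):
        try:
            ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        except ValueError:
            continue  # not a timestamped syslog line
        if prev is not None:
            delta = ts - prev[1]
            if delta > max_gap or delta < timedelta(0):
                findings.append((prev[0], no, delta))
        prev = (no, ts)
    return findings

if __name__ == "__main__":
    print(unexpected_accounts(PASSWD, BASELINE))
    print(log_gaps(MESSAGES))
```

A quiet host produces legitimate gaps, so tune max_gap to how often the box normally logs; a timestamp that runs backwards is worth a look at any threshold.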
