I'm surprised more people aren't running tripwire or other IDS.
On Tue, Jun 2, 2009 at 1:37 PM, Guntram Trebs wrote:
> Hello,
>
> there are few chances of replacing sshd without being root. In your place i
> would install every server new.
>
> I think, he spied out passwords and maybe got root-Pa
Hi,
human race condition, this should have been DSA 1811-1.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpCqZJJfQaZI.pgp
Description: PGP signature
Hello,
there are few chances of replacing sshd without being root. In your
place i would install every server new.
I think, he spied out passwords and maybe got root-Passwords in this
way. Possibly he has even accessed servers where you didn't find him and
left backdoors there. (manipulation
On Tue, Jun 2, 2009 at 6:42 PM, Wade Richards wrote:
> Don't obsess on root access. Any unauthorized use is a problem.
You are right of course. Right after I sent my message saying that
"perhaps the machine hasn't been exploited yet" I realised how wrong
such a view is. Someone gained access to
Although it's worse if an attacker has root, don't think that just because
the attacker doesn't have root, it's no big deal. If an attacker can run
(even as an ordinary user) unauthorized software on your machine, then
your machine may be part of a botnet. And having unauthorized user access
to a
On Mon, Jun 01, 2009 at 07:23:27AM -0400, Michael Stone wrote:
> Yes, that's a typical location for intruders to drop files. Easiest
> thing to do is reinstall after thinking about how the compromise may
> have occurred. (Did you update regularly, including kernel updates? Did
> all accounts
Izak Burger schrieb:
On Mon, Jun 1, 2009 at 12:26 PM, Vladislav Kurz
I agree, chances are the box hasn't been exploited just yet, but I
would be worried about just how he got that file there in the first
place. We know that directory is world writable, so it could have been
written by anythin
7 matches
Mail list logo