David Richards wrote:
I would also download chkrootkit from www.chkrootkit.org to make sure
that there is no rootkits (backdoors/trojan horses) installed on the
server.
david
I just got this this morning, from someone else:
The below information is data from my firewall. As you can see it originat
I would also download chkrootkit from www.chkrootkit.org to make sure
that there is no rootkits (backdoors/trojan horses) installed on the
server.
david
On Tue, 2003-07-01 at 18:35, Bill Tangren wrote:
> MKlinke wrote:
> > On Tuesday 01 July 2003 15:45, Bill Tangren wrote:
> >
> >>I have a perple
Joe Polk wrote:
You might want to get a copy of chkrootkit and run against the machine. If
you have been rooted, it might detect something. If it comes up clean, it's
no guarantee, but you can breathe a little easier. Do some of the other
things like check for open ports. You may want to get a b
nal Message ---
From: Bill Tangren <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sent: Tue, 01 Jul 2003 13:35:08 -0400
Subject: Re: Help with possible hacking of a VirtualHost
> MKlinke wrote:
> > On Tuesday 01 July 2003 15:45, Bill Tangren wrote:
> >
> >>I have a perplexing
On Tuesday 01 July 2003 18:35, Bill Tangren wrote:
> I requested logs from his firewall, but have not heard back. This is
> wierd as the machine in question is a server only, and I don't have
> telnet (server or client) on it. The few who have accounts have to
> use ssh (protocol 2 only) to get a
Rick Warner wrote:
I would ask for the nature of the evidence of the port scan. Also,
what is the nature of the content of the web server @ site1.com?
I have no evidence ... yet. Just someone's word that a port scan
originated from my server. The web server is simple. Two virtual hosts,
and we
MKlinke wrote:
On Tuesday 01 July 2003 15:45, Bill Tangren wrote:
I have a perplexing problem. I received an email this morning from
some one who states that he was surfing my web site site1.com, when
he received a portscan attack from site2.com. However, site2.com is a
VirtualHost that is aliased
I would ask for the nature of the evidence of the port scan. Also,
what is the nature of the content of the web server @ site1.com?
I have seen various port scan detectors flag a port scan due to
certain traffic from web sites. May be a red herring, then again it
might be real. BTW, if you had
On Tuesday 01 July 2003 15:45, Bill Tangren wrote:
> I have a perplexing problem. I received an email this morning from
> some one who states that he was surfing my web site site1.com, when
> he received a portscan attack from site2.com. However, site2.com is a
> VirtualHost that is aliased to site
I have a perplexing problem. I received an email this morning from some
one who states that he was surfing my web site site1.com, when he
received a portscan attack from site2.com. However, site2.com is a
VirtualHost that is aliased to site1.com. This person told us because he
said we might hav
10 matches
Mail list logo
