Howdy
I think someone has cracked my Linux box. I keep having named failures and
tonight I noticed something very unusual in the process list, their were a
HEAP of these processes, here is a small sample
root 21797 0.0 0.5 1072 336 ? S N 11:31 0:00 ./bind
208.130.87.49 -v r
root 21799 0.0 0.5 1072 336 ? S N 11:31 0:00 ./bind
208.130.87.51 -v r
root 21801 0.0 0.5 1072 336 ? S N 11:31 0:00 ./bind
208.130.87.52 -v r
root 21815 0.0 0.5 1072 336 ? S N 11:31 0:00 ./bind
208.130.87.53 -v r
root 21817 0.0 0.5 1072 336 ? S N 11:31 0:00 ./bind
208.130.87.54 -v r
root 21819 0.0 0.5 1072 336 ? S N 11:31 0:00 ./bind
208.130.87.55 -v r
root 21821 0.0 0.5 1072 336 ? S N 11:31 0:00 ./bind
208.130.87.56 -v r
root 21823 0.0 0.5 1072 336 ? S N 11:31 0:00 ./bind
208.130.87.59 -v r
root 21825 0.0 0.5 1072 336 ? S N 11:31 0:00 ./bind
208.130.87.60 -v r
root 21827 0.0 0.5 1072 336 ? S N 11:31 0:00 ./bind
208.130.87.61 -v r
root 21829 0.0 0.5 1072 336 ? S N 11:31 0:00 ./bind
208.130.87.57 -v r
root 21831 0.0 0.5 1072 336 ? S N 11:31 0:00 ./bind
208.130.87.62 -v r
root 21833 0.0 0.5 1072 336 ? S N 11:31 0:00 ./bind
208.130.87.58 -v r
root 21835 0.0 0.5 1072 336 ? S N 11:31 0:00 ./bind
208.130.87.63 -v r
as well as
root 21297 0.0 0.6 1088 380 ? S N 11:22 0:00 tail -f
bindname.log
but I am unable to locater any file called bindname.log on my system ??
so the obvious thing is I have to reinstall (RH 6.2) but is their any way I
can figure out how they are getting in and stop them in the short term ?
Regards
PMc
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
