LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] Under attack ?

[ILUG] Under attack ?

Niall O Broin nobroin at sced.esoc.esa.de
Wed Oct 6 13:50:11 IST 1999 

A machine which I maintain is on the internet, visible to the world. It's
a web server and it's regularly updated by a machine on a private LAN which
connects to the internet via dial-up ISDN. This morning the file transfer
stopped working with error messages which led me to think it was something
to do with ssh (I use ssh/scp to move files to the web server and to initiate
the web server update process from the local machine). Sure enough, investigation
of the machine reveals that the relevant .ssh directory is gone, vanished, no
longer there. This happened some time this morning because

a) the relevant .ssh directory is still found by locate so it was there when
updatedb was last run.

b) web server updating worked earlier this morning.

The two alternative possibilities are

i) One of the people ftp'ing files to/from this machine today managed to blow
away the .ssh directory using Fetch on a Macintosh.

ii) Malice

I'm leaning towards i) as one of the people deleted some files in a subdirectory
of the home directory - shouldn't have been possible to touch .ssh, and he insists
that he didn't, but that he did notice .ssh in a listing. If it was ii) it'd have to
have been very coincidental, as it happened around the time that ftp was being used.
Also, if an attacked gains access to a level where he could delete the .ssh directory
what would it benefit him to do so ?


Ideas welcome,


Niall  O Broin		

UNIX Network Administrator 		 	nobroin at esoc.esa.de
Ground Systems Engineering Department		Ph./Fax  +49 6151 90 3619/2179
European Space Operations Centre, Darmstadt, Germany

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell