Thanks Gary. I actually already found that article. It is what pointed me
in the hacked system direction. After about 1 hour of looking around, the
system has definitely been hacked (damn!). in.sysched is just one of many
tools that were installed. And I believe that it is some type of DDOS tool
(unless someone knows otherwise). The others include a trojaned ps, sshd
and login, a prog to clean any reference to an ip/user in all the /var/log/*
files, a sniffer, and a nice little shell script that installs them all.
Argh! And I was hoping to leave work early today. LOL. If anyone has any
comments, I'd love to hear them. I'll let you all know what I find.
From: ilug-admin at linux.ie [mailto:ilug-admin at linux.ie]On Behalf Of
gary at netsoc.tcd.ie
Sent: Thursday, August 31, 2000 3:48 PM
To: ilug at linux.ie
Subject: Re: [ILUG] Sinking feeling - in.sysched
On Thu, Aug 31, 2000 at 03:11:44PM -0700, Joshua R. Beining wrote:
... about in.sysched
found this link on Google: http://plug.skylab.org/200007/msg00533.html
The people there considered that the machine was probably hacked, since
nobody had heard of the program before (I certainly haven't).
(btw I know my headers are probably still screwed up)
... lend your voices only to sounds of freedom. No longer lend your
strength to that which you wish to be free from. --- Jewel
Irish Linux Users' Group: ilug at linux.iehttp://www.linux.ie/mailman/listinfo/ilug for (un)subscription information.
List maintainer: listmaster at linux.ie
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!