From: Paul Jakma (paul at domain clubi.ie)
Date: Fri 01 Sep 2000 - 02:16:46 IST
On Thu, 31 Aug 2000, Joshua R. Beining wrote:
> Thanks Gary. I actually already found that article. It is what pointed me
> in the hacked system direction. After about 1 hour of looking around, the
> system has definitely been hacked (damn!). in.sysched is just one of many
> tools that were installed. And I believe that it is some type of DDOS tool
> (unless someone knows otherwise). The others include a trojaned ps, sshd
> and login, a prog to clean any reference to an ip/user in all the /var/log/*
> files, a sniffer, and a nice little shell script that installs them all.
> Argh! And I was hoping to leave work early today. LOL. If anyone has any
> comments, I'd love to hear them. I'll let you all know what I find.
a little writeup would be cool.

- the state of the machine before. (i.e. what level of security was expected from the box).
- how they got in.
- what they did.
- how you discovered it.
- what you did.
- hindsight is 20/20 - what could have been done.

might be something for the linux.ie website?
--
Paul Jakma paul at domain clubi.ie
PGP5 key: http://www.clubi.ie/jakma/publickey.txt
-------------------------------------------
Fortune: Now and then an innocent man is sent to the legislature.
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:07:22 GMT