Help! I'm being attacked
Dustin Decker
dustind at moon-lite.com
Thu Sep 19 14:46:52 CDT 2002
On Thu, 19 Sep 2002, Brian Densmore wrote:
> Hello again. I don't see any trace of an intrusion.
> I did apply patches recently but have been away recently and haven't
> applied probably the latest patch. Here is something that is bothering
> me. Not sure if I configured it like this way back when. Can someone
> offer some clue on my syslog file? Here is a ps:
I may have jumped the gun just a bit on my analysis... I looked at the
log entries you shared, and have seen some similar on known exploited
machines I helped clients clean up earlier this week.

The quickest way to verify infection has/hasn't occurred is to look in
/tmp for .bugtraq or .bugtraq.c

If present, you've been hit. If not, I'd say your issue is something
else. Mind you, another post just came across the list that probably
better explains things.

Dustin
--
Dustin Decker
dustind at moon-lite.com
http://www.dustindecker.com
Moon-Lite Computing
913.579.7117

A man always needs to remember one thing about a beautiful woman.
Somewhere, somebody's tired of her.