Help! I'm being attacked!
Brian Densmore
DensmoreB at ctbsonline.com
Thu Sep 19 16:08:17 CDT 2002
This is the original request for help. Doesn't seem to have made it to
the list. I don't have any indication in /tmp; in fact, no files there at
all!? I do believe I have a chrooted jail on the box in the /home/...
subdir. I see some infected M$ hitting the box and some malformed
headers hitting the box. How can one tell the exact version of openssl
running? All I get is the version number but not the letter.
> -----Original Message-----
> From: Brian Densmore
> Sent: Wednesday, September 18, 2002 4:31 PM
> To: kclug at kclug.org
> Subject: Help! I'm being attacked!
>
>
> Just curious. Someone is trying really hard to break into my
> server using a weakness in the ssl protocol. I don't think
> they have been successful. Yet. Anyone know what I should be
> looking for, specifically in what logs, etc.? I did notice a
> SIGHUP in the log file on a day when I couldn't have done it.
> Any clue on what could cause this? Is this only something
> someone could do if they were on the box?
> A sample of the messages in question:
>
> [Sun Sep 8 04:02:01 2002] [notice] SIGHUP received. Attempting to restart
> [Sun Sep 8 04:02:02 2002] [notice] SIGHUP received. Attempting to restart
> [Fri Sep 13 17:40:48 2002] [notice] child pid 4733 exit signal Segmentation fault (11)
> [Sun Sep 15 04:02:00 2002] [notice] SIGHUP received. Attempting to restart
> [Sun Sep 15 04:02:01 2002] [notice] SIGHUP received. Attempting to restart
> [Tue Sep 17 17:51:20 2002] [notice] child pid 2333 exit signal Segmentation fault (11)
>
> Thanks,
> Brian
>
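
An added example, not part of the original post: a triage script for the error_log lines quoted above that separates SIGHUP restarts recurring in the same weekday-and-minute slot from one-off restarts and from child segfaults. It assumes the bracketed timestamp format shown in the post; the function names are hypothetical, and treating a recurring slot as a scheduled job (for instance log rotation) is a heuristic assumption, not a finding.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the error_log lines quoted in the post, unwrapped.
SAMPLE_LOG = """\
[Sun Sep 8 04:02:01 2002] [notice] SIGHUP received. Attempting to restart
[Sun Sep 8 04:02:02 2002] [notice] SIGHUP received. Attempting to restart
[Fri Sep 13 17:40:48 2002] [notice] child pid 4733 exit signal Segmentation fault (11)
[Sun Sep 15 04:02:00 2002] [notice] SIGHUP received. Attempting to restart
[Sun Sep 15 04:02:01 2002] [notice] SIGHUP received. Attempting to restart
[Tue Sep 17 17:51:20 2002] [notice] child pid 2333 exit signal Segmentation fault (11)
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] (?P<msg>.*)$")
SEGV_RE = re.compile(r"child pid (?P<pid>\d+) exit signal Segmentation fault")

def parse(log_text):
    """Yield (datetime, level, message) for each well-formed error_log line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip continuation lines and anything unparseable
        # Collapse padding such as "Sep  8" before parsing the timestamp.
        ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
        yield ts, m["level"], m["msg"]

def triage(log_text):
    """Return (recurring SIGHUP slots, one-off SIGHUPs, child crashes)."""
    slots = defaultdict(list)  # (weekday, "HH:MM") -> SIGHUP timestamps
    crashes = []               # (timestamp, pid) of segfaulted children
    for ts, _level, msg in parse(log_text):
        if msg.startswith("SIGHUP received"):
            slots[(ts.strftime("%a"), ts.strftime("%H:%M"))].append(ts)
        elif (m := SEGV_RE.search(msg)):
            crashes.append((ts, int(m["pid"])))
    # Heuristic (assumption): a slot seen on more than one date looks scheduled.
    recurring = {k: v for k, v in slots.items() if len({t.date() for t in v}) > 1}
    one_off = [t for k, v in slots.items() if k not in recurring for t in v]
    return recurring, one_off, crashes

if __name__ == "__main__":
    recurring, one_off, crashes = triage(SAMPLE_LOG)
    for (day, minute), hits in recurring.items():
        print(f"recurring SIGHUP slot {day} {minute}: {len(hits)} restarts")
    for ts in one_off:
        print(f"one-off SIGHUP at {ts}: check who signalled the parent process")
    for ts, pid in crashes:
        print(f"child {pid} segfaulted at {ts}: compare with requests at that time")
```

Anything reported as a one-off SIGHUP, and each crash timestamp, is what to line up against the access log entries for the same minute.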