In short, I'd be surprised if it was an ex-employee vs one of these constant hacking attempts. A security precaution (that maybe you're already doing) is to not allow a remote user to ssh in as root - which definitely gets the most attention and the most password attempts.
Walter.
On May 12, 2005, at 12:37 PM, larry price wrote:
On 5/12/05, Allen C Brown <[EMAIL PROTECTED]> wrote:
larry price said the following on 05/11/2005 07:25 PM:
On 5/11/05, Jim Beard <[EMAIL PROTECTED]> wrote:
[cut]
Any other advice?
Change keys and passwords, revoke any certificates for which the key was available on the machine. Check the rest of your network.
use mtree or something similar to compare the hashes of system binaries.
(http://md5deep.sourceforge.net/ can check external hash sources which
can be effective for binary distributions like RedHat)
If the attacker was thorough, you will not be able to trust *any* tools run on this system. Including mtree or cmp. The only safe approach is a fresh system install.
I wasn't thinking in terms of running from the compromised system, and I guess I should have been more clear and specified the boot from a rescue disk or other liveCD to create the forensic context.
"Assume all your assumptions are wrong."
--
http://Zoneverte.org -- information explained
Do you know what your IT infrastructure does?
_______________________________________________
EUGLUG mailing list
[email protected]
http://www.euglug.org/mailman/listinfo/euglug
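The offline comparison discussed in this thread, as an added example (not code from any poster): run from a rescue disk or liveCD, it compares binaries under a mounted suspect root against a known-good root of the same release. The SHA-256 choice, the directory list, and the two root arguments are assumptions.

```python
import hashlib
import os
import stat
import sys

def fingerprint(path):
    """Fingerprint one file without following symlinks."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        # An absolute link inside the mounted root would resolve against the
        # rescue system's own files, so record the target instead.
        return "link:" + os.readlink(path)
    if not stat.S_ISREG(st.st_mode):
        return None  # skip devices, sockets and FIFOs
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return "sha256:" + h.hexdigest()

def scan(root, subdirs=("bin", "sbin", "usr/bin", "usr/sbin")):
    """Map root-relative path -> fingerprint for files under subdirs.

    The subdirs default is an assumed list of binary directories.
    """
    found = {}
    for sub in subdirs:
        for dirpath, _dirs, files in os.walk(os.path.join(root, sub)):
            for name in files:
                full = os.path.join(dirpath, name)
                fp = fingerprint(full)
                if fp is not None:
                    found["/" + os.path.relpath(full, root)] = fp
    return found

def compare(baseline, observed):
    """Return sorted (modified, missing, unexpected) path lists."""
    modified = sorted(p for p in baseline
                      if p in observed and observed[p] != baseline[p])
    missing = sorted(p for p in baseline if p not in observed)
    unexpected = sorted(p for p in observed if p not in baseline)
    return modified, missing, unexpected

if __name__ == "__main__":
    # Usage (hypothetical paths): check.py /mnt/known-good /mnt/suspect
    results = compare(scan(sys.argv[1]), scan(sys.argv[2]))
    for label, paths in zip(("MODIFIED", "MISSING", "UNEXPECTED"), results):
        for p in paths:
            print(label, p)
```

Directories reached only through a symlink are not descended into, so a relinked directory needs a separate look.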
