On Thu, 6 Jul 2000, dsbelile wrote:
>was there a login statement? like su root or su -l root? if not
>then i would not worry to much but it does look like someone tried to
>telnet in and got denied by what you
>displayed.
No evidence of a login. I may have gotten lucky.
Kenneth E. Lussier wrote:
>From the looks of it, someone connected to your machine
>and tried to use a character-based buffer-overflow to gain root. I would
>recommend changing all passwords on the system and setting up an ipchains
>rule to deny that domain.
You're referring to the domain that tried to break in, yes?
>I would aslo check the dates on any critical
>system files to make sure that they were not changed.
None that I can see.
>PS Welcome to the wonderful world of computer forensics ;-)
I know. It doesn't get any better than this does it? :-)
Cole Tuininga wrote:
>Yup - report it to sympatico.ca.
Done.
Thanks to all.
C
Charlie Farinella
[EMAIL PROTECTED]
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
