Mukund Deshmukh saw fit to inform LI that: 

>Please look in var/log/message and post the relevant part.
>BTW if you know "mail.mydomain.com" then contact them.
>and ask for explanation.

This has been resolved.  I got a mail from Tony Rowley, postmaster of
Netaxxs (the hacker's upstream) that he is investigating this.

Also, the attack on CFTRI's server was a typical "rootkit" - a readymade
cracking tool used by script kiddies, and which works quite well on old
unix boxes.

Only solution now - check all your tripwire checksums to verify for
trojans, and delete / reinstall those binaries.

Failing that, reinstall unix on that box, and change ALL the passwords
asap.

-suresh

>-----Original Message-----
>From: Krishna Rao SN <[EMAIL PROTECTED]>
>To: Linux-India-Help@Lists. Linux-India. Org
><[EMAIL PROTECTED]>
>Date: Monday, June 05, 2000 11:16 AM
>Subject: [LIH] unauthorized access attempt - portscan
>
>
>>I have received an email with the following:
>>
>>Portscans of port 111 (portmap) have been detected and logged to this
>>computer and this network from mail.mydomain.com, xxx.xxx.xxx.xxx Please
>>take appropriate action to ensure this action ceases ASAP.
>>
>>--SFB Administrator
>>
>>What is the solution?
>>Thanks in advance
>---------------------------------------------------------------------

-- 
Suresh Ramasubramanian | sureshr at staff.juno.com
Philosophy will clip an angel's wings.
                -- John Keats

-----------------------------------------------------------------------
For information on this and other Linux India mailing lists check out
http://lists.linux-india.org/
