One of my co-workers maintains a really good collection of security links
at http://people.redhat.com/~wil
--Matt
--
Matt Galgoci
Job title: export title=`dd if=/dev/random bs=24 count=1`
echo $title
On Fri, 3 Dec 1999, Chris Worth wrote:
> On Fri, 3 Dec 1999 15:45:14 -0600 (CST), Simon Epsteyn wrote:
>
> >On Fri, 3 Dec 1999, Chris Worth wrote:
> >
> >> Ok just before I left on Thanksgiving holiday. I learned that my rh6.1
> >> box had been compromised. No, loss of data to speak of. it is really
> >> just a learning box. At any rate, I was able to ftp the messages file
> >> off. Here is a chunk of it.
> >
> >How did you learn this? What makes you think that you got cracked?
> >
>
> The admin guy from down the hall skipped over and said "I got email from a guy in
> japan that said your machine was being used to attack one of his" he'd gotten a
> message addressed to sysadmin at our domain. Soooo....
> I then turned the monitor on my linux box. I tried to log in. Hmmm... interesting I
>was
> unable to log in on any account. FTP was working, but all other services were hosed.
>
>
> >You do install security patches as they come out, right?
> >
>
> Ummm no. But to point out that I'm not a complete bumbler, this box only had some
> website stuff on it. I'm in the process of learning this whole linux thing. I will
>also point
> out that I'm totally rehabilitated now. I was in the process of getting portsentry
>etc. up
> and running. I just got whacked before i could do it.
>
> chris
>
>
>
> >> Nov 18 00:15:49 flowman2 in.telnetd[20074]: connect from 207.139.76.99
> >> Nov 18 00:55:25 flowman2 in.telnetd[20128]: connect from 207.139.76.99
> >
> >Btw, 207.139.76.0 - 207.139.76.255 is owned by:
> >Planete Virtuelle (Virtual Planet) (NETBLK-V-PLANET-NET) V-PLANET-NET
> >
> >/Simon
> >
> >
>
>
>
> --
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.
>
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
