You mentioned having SSH running. What other services do you have running? Have you patched SSH for the off-by-one error? Have you patched for other security problems? I get hit constantly by scans for vulnerable SSH, FTP, RPC, etc. Linux boxes (not as constantly as MS IIS scans, though). If you have not secured your box from the outside, then you should consider the possibility it has been hacked. A quick check of this would be to reinstall with hardening measures before putting it back on the Internet and see if the problem goes away. Include a tripwire or md5sum run in your hardening measures, burning the results to CD (preferably bootable), so you can check for a hack more easily in the future.
Shwaine the Wandering Arch of Malevolence
--------------------------------------------------------------
http://www.malevolence.com
http://www.shwaine.com
telnet://shwaine.dyn.greystoneapts.com:3000
_______________________________________________
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech
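The checksum baseline recommended in the message above, as an added example that is not part of the original post: it records a hash manifest of a tree and later reports files that were added, changed or removed. The function names and the demo tree are constructed for illustration, and sha256sum is swapped in for the md5sum the message names (set HASH_CMD=md5sum to follow it literally).

```shell
#!/bin/sh
# Added example: record a hash manifest of a tree, then diff the tree against it.
HASH_CMD=${HASH_CMD:-sha256sum}  # assumption: stronger stand-in for md5sum

# make_baseline DIR MANIFEST -- MANIFEST must live outside DIR (ideally on
# read-only media) so an intruder cannot rewrite it along with the files.
make_baseline() {
    ( cd "$1" && find . -type f -exec "$HASH_CMD" {} + | LC_ALL=C sort -k 2 ) > "$2"
}

# verify_baseline DIR MANIFEST -- prints ADDED/CHANGED/REMOVED paths and
# returns 1 if the tree differs from the manifest, 0 if it matches.
verify_baseline() {
    cur=$(mktemp) || return 2
    make_baseline "$1" "$cur"
    vb_rc=0
    awk '
        { hash = $1; sub(/^[^ ]+ [ *]/, "") }          # leave only the path in $0
        FILENAME == ARGV[1] { old[$0] = hash; next }    # first file: the baseline
        !($0 in old)        { print "ADDED   " $0; bad = 1; next }
        old[$0] != hash     { print "CHANGED " $0; bad = 1 }
                            { seen[$0] = 1 }
        END {
            for (p in old) if (!(p in seen)) { print "REMOVED " p; bad = 1 }
            exit bad + 0
        }' "$2" "$cur" || vb_rc=$?
    rm -f "$cur"
    return "$vb_rc"
}

# Demo on a constructed tree: baseline it, tamper with it, verify again.
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/root/bin" "$d/root/etc"
    echo 'original sshd' > "$d/root/bin/sshd"
    echo 'PermitRootLogin no' > "$d/root/etc/sshd_config"
    echo 'root:x:0:0' > "$d/root/etc/passwd"
    make_baseline "$d/root" "$d/manifest"
    echo 'replaced sshd' > "$d/root/bin/sshd"      # modified binary
    echo 'dropped file' > "$d/root/bin/.hidden"    # new file
    rm "$d/root/etc/passwd"                        # deleted file
    verify_baseline "$d/root" "$d/manifest" || echo "tree differs from baseline"
    rm -rf "$d"
}
demo
```

Run the verification from trusted boot media with the manifest on read-only media, since the hash tool and shell on a compromised system cannot be relied on to report honestly.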
