Auditing
From: Paulo Fragoso (paulo@nlink.com.br)
Date: 02/06/02
- Next message: Eli Dart: "Re: Auditing"
- Previous message: Brett Glass: "Re: Is this evidence of a break-in attempt?"
- Next in thread: Eli Dart: "Re: Auditing"
- Maybe reply: Eli Dart: "Re: Auditing"
- Reply: Rik: "Re: Auditing"
- Reply: Edwin Chen: "how to detect a illegal connect on local network ?"
Date: Tue, 5 Feb 2002 22:24:24 -0200 (BRST)
From: Paulo Fragoso <paulo@nlink.com.br>
To: <freebsd-security@freebsd.org>
Hi,
We have a client who was using 4.2-RELEASE with telnetd enabled. On that
machine an ircd was running, installed and started by a hacker, probably
exploiting the telnetd hole.
We have installed 4.5-RELEASE using another HD, with log_in_vain="YES" in
rc.conf. Some time after that upgrade, someone tried to connect to this
machine:
Connection attempt to UDP mmm.mmm.mmm.mmm:22 from hhh.hhh.hhh.hhh:1384
How can we find, in the old system, all the mechanisms used to remotely
enable the ircd or a backdoor? Are there any rootkits which have a backdoor
at UDP port 22?
Paulo.