Re: break in?
From: Barrie Dempster (barrie_at_reboot-robot.net)
Date: 11/13/05
- Previous message: jordanpw: "Re: What server hardening are you doing these days?"
- In reply to: Paul Greene: "break in?"
- Next in thread: Ben Conrad: "RE: break in?"
To: Paul Greene <techlists@comcast.net>
Date: Sun, 13 Nov 2005 13:24:10 +0000
On Sat, 2005-11-12 at 00:18 -0500, Paul Greene wrote:
> Based on these symptoms, can anyone tell me what happened? In
> particular, for education's sake, can anyone tell what the specific
> exploit that was used in this case,
Nope, because there really isn't enough information to even hazard a
guess. Accessing sites in Poland and Russia doesn't really narrow down
the attack!
> and possibly a reference where I can
> go analyze further what happened?
Have you identified all of the current executables running on the
system? Have you checked for signs of a rootkit? This would be the next
step if you want to know what was going on.
Until you get some sort of evidence of whatever it is that's going on,
anything here would just be guesswork. Without even the URLs being
accessed we have very little to go on.
--
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue
"He who hingeth aboot, geteth hee-haw" Victor - Still Game
blog: http://reboot-robot.net
sites: http://www.bsrf.org.uk - http://www.security-forums.com
ca: https://www.cacert.org/index.php?id=3