Xterm
From: Yahoo - CQRMail (cqrmail@yahoo.com)
Date: 10/26/01
- Previous message: Skip Carter: "Re: TCP FIN Increase"
- Next in thread: dewt: "Re: Xterm"
- Reply: dewt: "Re: Xterm"
From: "Yahoo - CQRMail" <cqrmail@yahoo.com>
To: <incidents@securityfocus.com>
Subject: Xterm
Date: Thu, 25 Oct 2001 21:58:05 -0400
Message-ID: <FJEELJEFFFDHCDIOKCGJEECBDAAA.cqrmail@yahoo.com>

My Snort IDS picked up a bunch of X11 signatures:
http://www.whitehats.com/info/ids126
Source IP is a random public address, Source port is 6000...random
destination inside ports.
I have blocked 6000 at the firewall, but I don't know where to begin
tracking down what is compromised on the server. I am running Mandrake 8,
only ports allowed are 80 and 22...xdm has been disabled.
I didn't see much in the logs, so where should I begin? And what should I
look for?
I will probably rebuild the server, but I would like to see if I can find
out what has been done first, so I can be prepared later...
TIA...new to Linux, so I apologize for my crude question,
Tony