Re: possibly compromised redhat 7.2 box

From: Kalpin Erlangga Silaen (kalpin_at_solonet.co.id)
Date: 05/24/04

  • Next message: Jay Lopez: "Removing Local Admin Rights..." 
    To: "Melissa McGillis" <mcgillim@cis.uab.edu>, "Security-Basics" <security-basics@securityfocus.com>
Date: Mon, 24 May 2004 11:55:36 +0700

    Dear Melissa,
    I think this happen because someone (I hope s/he is your Administrator)
    changed/upgraded your sshd. To fix it, try to edit your known_hosts2 at
    ~/.ssh/
    or just remove ~/.ssh by typing : $rm -rf .ssh.
    If you are using windows then remove putty.rnd (if you are using putty) from
    root directory (please read the manual).

    I hope this will help you

    Regards,

    Kalpin Erlangga S

    ----- Original Message -----
    From: "Melissa McGillis" <mcgillim@cis.uab.edu>
    To: "Security-Basics" <security-basics@securityfocus.com>
    Sent: Friday, May 21, 2004 2:17 AM
    Subject: possibly compromised redhat 7.2 box

    > Hello,
    >
    > I have a redhat 7.2 server that stopped accepting my ssh login. I can
    still
    > use my login at the terminal. I also noticed that the host key changed. My
    > only guess at this point is that the box was probably compromised. Any
    good
    > software out there to help me figure it out? Any other ideas as to what
    > would cause this?
    > Anything helps,
    > Melissa
    > (THIS IS IN NO WAY AFFILIATED WITH UAB. It's just the address I use for
    > lists.)
    >
    >

    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------

  • Next message: Jay Lopez: "Removing Local Admin Rights..."

    Relevant Pages

    • RE: Cisco CSA
      ... Ethical Hacking at the InfoSec Institute. ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of ... pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • RE: Any reason not to use strcpy, strcat or scanf?
      ... Ethical Hacking at the InfoSec Institute. ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ... pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • RE: New Trojan?
      ... > Ethical Hacking at the InfoSec Institute. ... Attend a course taught by an expert instructor with years of ... pen testing experience in our state of the art hacking lab. ... to facilitate one-on-one interaction with one of our expert instructors. ...
      (Security-Basics)
    • RE: Wireless access
      ... Ethical Hacking at the InfoSec Institute. ... to facilitate one-on-one interaction with one of our expert instructors. ... pen testing experience in our state of the art hacking lab. ... Attend a course taught by an expert instructor with years of in-the-field ...
      (Security-Basics)
    • Re: antivirus for linux
      ... Ethical Hacking at the InfoSec Institute. ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ... pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)