Re: ICMP type 3, an attack?
From: Jem Berkes (jb_dontuse@pc9.org) Date: 02/04/02
- In reply to: ujay: "Re: ICMP type 3, an attack?"
From: Jem Berkes <jb_dontuse@pc9.org> Date: Mon, 04 Feb 2002 05:25:36 GMT
> I am now thinking it is likely that my machine has been compromised,
> but have found no point of entry yet, nor any evidence to support that
> conclusion other than the 30 portscan entries. My main suspicions at
> this moment are wu-ftp, or ssh, although I am not ruling out httpd,
> httpd-perl, https, or even mysql, which are the only other ports
> listening on the system.
>
> Looks like I will be busy with backups and reinstall.

It might not be compromised. I'm kind of assuming that whatever is causing
the logfile entries on mine is also causing the entries in yours.

The system I originally got my logfile entry on was running only the following
services at the time: Apache 1.3.23, OpenSSH 3.0.2p1 on kernel 2.4.17. Plus
firewalling. And the machine was set up fresh that day.

So simply put, if someone hacked me that quick with those latest versions
installed then a lot of people are screwed :)