I'm afraid it happened

From: megahurts (smailman@yahoo.com)
Date: 01/23/03


From: smailman@yahoo.com (megahurts)
Date: 23 Jan 2003 06:14:44 -0800

Everyone,

I was tooling around one of my servers the other day. I occasionally
run the "last" command to see who has been logging in. This is what
popped up on one of my servers:

name pts/4 host.domain Wed Jan 22 14:47 still logged in
name pts/3 isp01.cedarville Tue Jan 21 15:38 - 15:46 (00:08)
name pts/1 isp01.cedarville Tue Jan 21 14:11 - 14:13 (00:01)
X******* ****X******* 31382 Wed Jan 22 12:00 still logged in

I have sanitized all other entries EXCEPT the X******* ****X*******
one. This is someone who has compromised my machine? I haven't been
able to trace this to anything on the web.

Without disturbing too much, I ran md5's on common trojaned binaries
and they checked out ok. I ran some tools to check for rootkits and
have turned up nothing. Can anyone point me in the right direction on
this? What is it?

As an aside, this is what happens when management lays off 1/2 the IT
Dept. Then hires new CFO, Directors and sales people. We are a small
dotcom, and contrary to what my management believes, the network and
servers ARE the business, NOT SALES and MARKETING. We just don't have
the staff to keep up with the day to day administration of these
machines, as well as roll out new datacenters and servers. We keep
increasing our exposure by adding more targets to the internet. Oh
well, management wants to know how this happened and why we can't stop
it. They refuse to believe IT is undermanned. Sorry for the soap box,
I just needed to vent.

PEACE
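
Added example, not part of the original post: "last" only renders the records stored in wtmp, so reading those records directly shows every field of an odd entry (type, pid, line, user, host). The sketch assumes the 384-byte glibc "struct utmp" layout used on Linux; the helper names, the heuristics and the sample records are all constructed for illustration.

```python
import re
import struct

# Assumed record layout: glibc "struct utmp" on Linux (384 bytes per record).
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20s")
USER_PROCESS = 7  # ut_type value for a normal login session
TTY_OK = re.compile(r"^(pts/\d+|tty\w+|console|:\d+(\.\d+)?)$")
PRINTABLE = re.compile(r"^[\x21-\x7e]*$")


def text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("latin-1")


def parse(blob):
    """Yield one dict per wtmp record found in blob."""
    for off in range(0, len(blob) - UTMP.size + 1, UTMP.size):
        f = UTMP.unpack_from(blob, off)
        yield {"type": f[0], "pid": f[1], "line": text(f[2]),
               "user": text(f[4]), "host": text(f[5]), "time": f[9]}


def reasons(rec):
    """Return the reasons a login record deserves a closer look."""
    why = []
    if rec["type"] != USER_PROCESS:
        return why
    if not TTY_OK.match(rec["line"]):
        why.append("line is not a terminal name")
    if not (PRINTABLE.match(rec["user"]) and PRINTABLE.match(rec["line"])):
        why.append("non-printable bytes in user or line")
    if rec["host"].isdigit():
        why.append("host field is a bare number")
    return why


def make(user, line, host, pid=1000, when=1043251200):
    """Build a constructed sample record (not data from the post)."""
    return UTMP.pack(USER_PROCESS, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, when, 0, 0, 0, 0, 0, b"")


# Constructed sample: one ordinary session and one with an unusual line/host.
SAMPLE = make("alice", "pts/4", "host.example") + make("svc", "xfer31382", "31382")

if __name__ == "__main__":
    for r in parse(SAMPLE):
        print(r["user"], r["line"], r["host"], reasons(r) or "ok")
```

A flagged record is a lead, not proof of compromise: daemons that record sessions without a terminal also write entries like this, so the pid and line fields are the place to start matching the entry to a process.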


