hack attempt - what to do
Tom Legrady
legrady-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org
Sat Aug 7 18:09:24 UTC 2004
So maybe someone can write a disinfecting virus that spots these
attacks, infects the attacking machine and disinfects it, then spreads
from there.
Tom
daniel wrote:
>On Friday 06 August 2004 12:09 am, Noah John Gellner wrote:
>
>
>>Today some punk tried to hack my system by trying to log in as root to
>>my ssh server. There was no problem and I mailed Abuse and Admin at his
>>ISP. This attempt was unusual due to the number of attempts. I notice a
>>couple of HTTP attacks every day. What do people do about this nonsense?
>>I am thinking of starting to aggressively mail ISPs as determined by
>>whois and demand that users be warned and/or censured. Any thoughts?
>>
>>
>
>believe it or not, it could be some sort of linux worm:
>
> http://thread.gmane.org/gmane.linux.gentoo.security/1466
>
>the interesting news however is that the thing tends only to try to get at the
>same accounts, (i've seen "test" and "guest") but apparently it uses the
>same username/password as is available on that box, so if you could capture
>what it's trying on your machine, you own your attacker's machine. ...or so
>i've heard. i don't even know how to do that.
>
>
>
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
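
Added example, not part of the original thread: one way to quantify the repeated ssh login attempts discussed above is to count failed password attempts per source address in the sshd log and list the account names each source tried. The log lines are constructed samples in OpenSSH's syslog format using documentation IP ranges; the function names and the threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH's syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Aug  6 00:01:10 host sshd[2101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Aug  6 00:01:12 host sshd[2103]: Failed password for root from 192.0.2.10 port 40115 ssh2
Aug  6 00:01:15 host sshd[2105]: Failed password for illegal user test from 192.0.2.10 port 40120 ssh2
Aug  6 00:01:17 host sshd[2107]: Failed password for invalid user guest from 192.0.2.10 port 40123 ssh2
Aug  6 00:05:40 host sshd[2150]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Aug  6 00:05:52 host sshd[2152]: Accepted password for alice from 198.51.100.7 port 51002 ssh2
Aug  6 00:09:03 host sshd[2190]: Failed password for root from 203.0.113.5 port 33001 ssh2
"""

# Older OpenSSH releases log "illegal user", newer ones "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize_failures(log_text):
    """Map each source IP to {'count': n, 'users': set of names tried}."""
    stats = defaultdict(lambda: {"count": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            entry = stats[m.group("ip")]
            entry["count"] += 1
            entry["users"].add(m.group("user"))
    return dict(stats)

def flag_sources(log_text, threshold=3):
    """Return (ip, count, users) for IPs with >= threshold failures, worst first."""
    stats = summarize_failures(log_text)
    hits = [(ip, s["count"], sorted(s["users"]))
            for ip, s in stats.items() if s["count"] >= threshold]
    return sorted(hits, key=lambda h: -h[1])

if __name__ == "__main__":
    for ip, count, users in flag_sources(SAMPLE_LOG):
        print(f"{ip}: {count} failed logins, users tried: {', '.join(users)}")
```

The per-source summary gives the address, attempt count and account names to include in a report to the ISP's abuse contact.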