help analyzing an attack

Dave Cramer davec-zxk95TxsVYDyHADnj0MGvQC/G2K4zDHf at public.gmane.org
Wed Apr 18 16:17:38 UTC 2007


Here's what I know.

Looks like weak password on ssh, then portforwarding through ssh to x  
windows, probably an X bug.

Fedora Core 2 is the distribution.

Dave


On 18-Apr-07, at 11:54 AM, Jamon Camisso wrote:

> Lennart Sorensen wrote:
>> On Tue, Apr 17, 2007 at 11:34:06PM -0400, Dave Cramer wrote:
>>> Someone managed to get into one of my machines. I caught it  
>>> fairly  early. However I still don't know how he got root
>> Got any services running?  Apache, ftp, nfs, etc?  Running an up  
>> to date
>> distribution or a pretty old one?
>
> ssh
> --
> The Toronto Linux Users Group.      Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists

--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists





More information about the Legacy mailing list