[ILUG] Sinking feeling - in.sysched
Paul Jakma
paul at clubi.ie
Fri Sep 1 02:16:46 IST 2000
On Thu, 31 Aug 2000, Joshua R. Beining wrote:
> Thanks Gary. I actually already found that article. It is what pointed me
> in the hacked system direction. After about 1 hour of looking around, the
> system has definitely been hacked (damn!). in.sysched is just one of many
> tools that were installed. And I believe that it is some type of DDOS tool
> (unless someone knows otherwise). The others include a trojaned ps, sshd
> and login, a prog to clean any reference to an ip/user in all the /var/log/*
> files, a sniffer, and a nice little shell script that installs them all.
> Argh! And I was hoping to leave work early today. LOL. If anyone has any
> comments, I'd love to hear them. I'll let you all know what I find.
>
a little writeup would be cool.
the state of the machine before. (ie what level of security was
expected from the box).
how they got in.
what they did.
how you discovered it.
what you did
hindsight is 20/20 - what could have been done.
etc...
might be something for the linux.ie website?
> -Joshua
regards,
--
Paul Jakma paul at clubi.ie
PGP5 key: http://www.clubi.ie/jakma/publickey.txt
-------------------------------------------
Fortune:
Now and then an innocent man is sent to the legislature.
More information about the ILUG
mailing list