Complete.Org: Mailing Lists: Archives: discussion: May 2001:
[aclug-L] I've been hacked

To: discussion@xxxxxxxxx
Subject: [aclug-L] I've been hacked
From: Bruce Bales <bbales@xxxxxxxxxxx>
Date: Fri, 18 May 2001 16:24:26 -0500
Reply-to: discussion@xxxxxxxxx

I think I have my firewall set up, but am still trying to refine it.
Going thru "Securing and Optimizing Linux," I got to the chapter on
Unusual or Hidden files.  I ran the find / -nouser -o -nogroup on the
firewall box and it found two hidden directories  in /usr/src -  .puta and
.usd.  These directories had a number of files, (13 altogether) some of
them hidden.  Files named linsniffer, sense, logclear and others.  One
file contained my roadrunner password in the clear - several times.

Most of the files are owned by root, but some by 834.  All are dated April
22 or April 23.  One of the files says "This program is useful for sorting
the output of linsniffer."  I did a search on linsniffer on google and
yes, it's a hacker's program.

I tried to rename the directories, but I can't.  I hesitate to delete them
without knowing what I am up against.  Any suggestions?  Other than change
my road runner password.  Can I learn anything from these programs?  Do I
have to reload the whole system?

bruce

-- This is the discussion@xxxxxxxxx list.  To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi
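
The check run in the message above, extended into a read-only inventory, as an added example that is not part of the original post: it lists unowned files and dot-directories under a tree and records owner IDs, modification times and SHA-256 hashes without renaming or deleting anything. The function names are hypothetical, and GNU find and sha256sum are assumed.

```shell
#!/bin/sh
# Added example: read-only triage inventory. Function names are hypothetical.
# Assumes GNU findutils and coreutils (find -printf, sha256sum).

# Files and directories whose numeric owner or group has no entry in
# /etc/passwd or /etc/group (the find test quoted in the message).
# -xdev keeps the walk on one filesystem, so /proc and network mounts are skipped.
list_unowned() {
    find "$1" -xdev \( -nouser -o -nogroup \) \
        -printf '%U:%G\t%TY-%Tm-%Td %TH:%TM\t%p\n' 2>/dev/null
}

# Directories below the starting point whose name begins with a dot.
list_hidden_dirs() {
    find "$1" -mindepth 1 -xdev -type d -name '.*' -print 2>/dev/null
}

# One line per regular file in a suspect directory:
# uid:gid, mtime, SHA-256, path (tab separated). Nothing is executed or changed.
# Paths containing tabs or newlines are not handled.
inventory_dir() {
    find "$1" -xdev -type f -printf '%U:%G\t%TY-%Tm-%Td %TH:%TM\t%p\n' 2>/dev/null |
    while IFS="$(printf '\t')" read -r owner mtime path; do
        sum=$(sha256sum -- "$path" | cut -d' ' -f1)
        printf '%s\t%s\t%s\t%s\n' "$owner" "$mtime" "$sum" "$path"
    done
}

# Full pass over a tree: unowned entries first, then each hidden directory
# followed by the inventory of its files.
triage() {
    echo "== unowned =="
    list_unowned "$1"
    echo "== hidden directories =="
    list_hidden_dirs "$1" | while read -r d; do
        echo "$d"
        inventory_dir "$d"
    done
}

# Run as: sh triage.sh /usr/src > /path/on/other/media/inventory.txt
if [ "$#" -gt 0 ]; then
    triage "$1"
fi
```

Writing the output to separate media keeps the record independent of the disk being examined.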

