[linux-help] Security Issues
I just received an interesting piece of e-Mail from one of the sysadmins at
my DSL provider, telling me that somebody has hijacked one of my machines. I
have identified the processes that they were using to run a port scan
against other networks, and have identified the userid affiliated with the
files used to drop the payload onto my machine. I am not able to find that
userid listed in either the passwd, shadow, or groups file. This being the
case, where should I look now? The group assigned to the files is 'wheel',
so I was wondering if I could just cut that out of the group file?
John Alexander
WorldCom
Senior Network Engineer I
MM NETS (Network Engineering Technical Support)
http://nets.wcomnet.com/
V737-8471
1-800-PAGE-MCI pin 930-0285
316-684-8471
AOL - jralexan1
-- This is the linux-help@xxxxxxxxx list. To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi