Sunday, May 25, 2003, 2:04:30 PM, Jayson Vantuyl (Jayson) wrote: Jayson> We've had a number of hacked boxen recently. It appears a certain Jayson> person (Romanian we think) is specifically targeting us and our Jayson> customers (looks like he hit a machine and found connections from others Jayson> in their logs, went from there).
That's pretty unsettling.. Have you tried running snort? If its a known vulnerability it should be able to pick it up (don't use Debian's.. it's very out of date). You might want to try scanning your boxes with nessus too (kind of unlikely that it would find anything, but... (don't use debian version again)). Have all of the hacked boxes been running a while without a reboot? Someone discussed that programs running from updated libraries would still be vulnerable until they were restarted. For instance, if you havn't restarted ssh or apache (if you're using ssl) since openssl was upgraded, an openssl exploit would still work. ------------------------------------------------------ | Eddie J Schwartz <[EMAIL PROTECTED]|m00.net]> | | AIM: Uncaring Eyes ICQ: 35576339 YHOO: edmcman2 | | "We Trills have an expression -- at forty, you | | think you know everything. At four hundred you | | realize you know nothing." - Dax, Startrek DS9 | ------------------------------------------------------
