On Tue, 25 Jan 2011, will trillich wrote: > In kern.log there's only > Jan 23 23:04:59 darth kernel: [64084756.601774] exploit[25161]: segfault at > 10c00b ip 00000000 sp deadc01d error 6 > Jan 23 23:05:08 darth kernel: [64084765.528734] NET: Registered protocol > family 5
There is no mistery. Your system has been compromised. Get post-mortem backups done for forensic purposes, wipe the box, and proceed to a full reinstall. Kindly don't leave that thing connected to the network for now, as it is likely being used as a botnet C&C node, or as an attack platform. Based on the uptime and "debian_version" data you provided, whomever takes care of that system has been very negligent with security updates. It is no wonder it got rooted. Let that be a lesson for the future. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110127154418.gb18...@khazad-dum.debian.net
