First of all: I'm not the sysadmin of this server I'm talking about, I don't
want to give the wrong impression of myself :)


The server is a RH6.2 box that acts as a nameserver and web server. I found
out that named was taking almost all CPU resources:

--snip--
  PID USER     PRI  NI  SIZE  RSS SHARE STAT  LIB %CPU %MEM   TIME COMMAND
  438 named     19   0  1824  676    12 R       0 84.5  0.5  5320m named
 1383 nobody     3   0 35628  27M  1008 S       0  5.7 22.0 392:56 java
--snip--


That got me worried. I restarted named and the problem disappeared. Then I
checked the version of bind installed:

bind-8.2.2_P5-9


Uhuh, if I remember correctly all bind versions prior to 8.3 were vulnerable
to these worm attacks we've been having lately...?

I upgraded bind but now I really would like to know if the server has been
compromised.

There is nothing strange in the logs. I don't see any strange new users on the
server either. What to check next?


Regards,
Peter



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
