brute force ssh attack

David Cary Hart Fedora at TQMcube.com
Wed Apr 27 12:48:09 UTC 2005


On Wed, 2005-04-27 at 14:15 +0200, Daniel Kirsten wrote:
> >meaning that they did gain root access after all but were able to hide this
> through a >rootkit???
> >
> >/Håkan
> 
> They tried to login as root, but according to /var/log/secure, they used a 
> wrong password.  Lateron, they probably gained root access in order to 
> manipulate files which have write access only to root.
> 
That's a very good reason to use swatch to move them to the firewall on
the first try. For the hell of it, we use tarpit for this purpose which
is the proverbial "Roach Motel."
-- 
Multi-RBL Check:         http://www.TQMcube.com/rblcheck.htm
Kill Spam at the Source: http://www.TQMcube.com/spam_trap.htm
Today's Spam Trap Adds:  http://www.TQMcube.com/BlockedToday
RBLDNSD HowTo:           http://www.TQMcube.com/rbldnsd.htm




More information about the fedora-list mailing list