brute force ssh attack
M.Rudra
dr.rudra at gmail.com
Fri Apr 29 21:27:58 UTC 2005
On 4/27/05, Thomas Cameron <thomas.cameron at camerontech.com> wrote:
> > something.) Also check in /tmp and /var. And any luck with the
> > .bash_history? (For both the users and for root....)
>
> Especially /var/tmp - that's a common place for rootkits to live.
a doubt here ,
i checked /tmp and found
srwxrwxrwx 1 wnn wnn 0 Apr 27 22:30 jd_sockV4
why does this file (socket) have different owner and user, while all
others have either root or userabc.
drwxrwxrwt 2 xfs xfs 4096 Apr 29 22:30 .font-unix
this hidden file also has different permission and different owner and
user, while others have either root or userabc.
xfs and wnn ? are not users created by me so where did they come from ?
Can someone please clear this silly doubt.
--
MR
More information about the fedora-list
mailing list