[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: security issue help



Leon wrote:

My box running FC6 T3 has been warned by my College:

,----
| We've been investigating an IRC botnet involving JANET hosts in
| coordination with the IRC network involved. It appears, from logs of
| connections to IRC channels, that xxxx.xxx.xxx.ac.uk is
| involved.
| | The other hosts involved so far have been compromised through an
| unknown
| vulnerability, possibly via. HTTP or SSH but we're not sure at this
| stage.
| | Please could you investigate as soon as possible and let us know what
| you find. Any information could be very helpful to the other JANET
| sites
`----

Here is the question: how can I check if my computer is compromised?
Thank you.

I would first use rkhunter (command line: rkhunter -c) (Root Kit Hunter) install it if you don't have it.

Mikko Silvennoinen
begin:vcard
fn:Mikko Silvennoinen
n:Silvennoinen;Mikko
org:Bittiainen Ltd
adr:48700  KOTKA;;Aijankatu 10 C 27;Kotka;;48700;Finland
email;internet:mikko pwar net
title:CEO, Hall. puh.joht.
tel;work:+358 (0)44 517 1260
tel;home:044 517 1260
tel;cell:+358 (0)44 517 1260
note;quoted-printable:Suomeksi:=0D=0A=
	=0D=0A=
	Mikko Silvennoinen=0D=0A=
	Bitti=C3=A4inen Oy=0D=0A=
	=C3=84ij=C3=A4nkatu 10 C 27=0D=0A=
	48700  KOTKA=0D=0A=
	SUOMI
x-mozilla-html:TRUE
url:http://www.bittiainen.com
version:2.1
end:vcard


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]