security issue help
Mikko Silvennoinen
mikko at pwar.net
Thu Sep 14 12:18:48 UTC 2006
Leon wrote:
>My box running FC6 T3 has been warned by my College:
>
>,----
>| We've been investigating an IRC botnet involving JANET hosts in
>| coordination with the IRC network involved. It appears, from logs of
>| connections to IRC channels, that xxxx.xxx.xxx.ac.uk is
>| involved.
>|
>| The other hosts involved so far have been compromised through an
>| unknown
>| vulnerability, possibly via. HTTP or SSH but we're not sure at this
>| stage.
>|
>| Please could you investigate as soon as possible and let us know what
>| you find. Any information could be very helpful to the other JANET
>| sites
>`----
>
>Here is the question: how can I check if my computer is compromised?
>Thank you.
>
>
>
I would first use rkhunter (command line: rkhunter -c) (Root Kit Hunter)
install it if you don't have it.
Mikko Silvennoinen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mikko.vcf
Type: text/x-vcard
Size: 507 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20060914/00f1f95e/attachment-0001.vcf>
More information about the fedora-list
mailing list