[K12OSN] Help - possible hacking of our NFS/NIS LTSP server
Shane Stafford
staffords at glenburn.net
Wed Mar 23 00:27:08 UTC 2005
"Support list for opensource software in schools." <k12osn at redhat.com> on
Tuesday, March 22, 2005 at 6:58 PM -0500 wrote:
>this is a script kiddie attack which we captured at cave hill.it was run
>entirely as a non priviledegd acct and after three weeks see no evidence
>of
>any attempt to gain root..if you have accts like arthur jane pam with
>trivial pw look at the bash_history as that at least in our case was
>intact..look at your var log messges from the ime this happened and you
>will see a successful login for a trivial acct..chuck
>
>
Thanks Chuck
So was the script kiddie attacking trying ssh logins into other machines?
I think I saw your earlier post and thought it was doing other things.
You speaking of a successful login via ssh into a trivial account?
We do use some pretty trivial accounts for the K and 1 kids.
thanks
>
>
>
Shane Stafford, MCSE, MCT
Director Information Services Glenburn School and Town
Educational System Integrator/Network Engineer
S & B Consulting
More information about the K12OSN
mailing list