[K12OSN] Help - possible hacking of our NFS/NIS LTSP server
cliebow at downeast.net
cliebow at downeast.net
Wed Mar 23 00:42:27 UTC 2005
yes..msln shut the dvhool down and so gave this dude no time to cover his
tracks..if he/she knew how to do so..chuck
> "Support list for opensource software in schools." <k12osn at redhat.com> on
> Tuesday, March 22, 2005 at 6:58 PM -0500 wrote:
> >this is a script kiddie attack which we captured at cave hill.it was run
> >entirely as a non priviledegd acct and after three weeks see no evidence
> >of
> >any attempt to gain root..if you have accts like arthur jane pam with
> >trivial pw look at the bash_history as that at least in our case was
> >intact..look at your var log messges from the ime this happened and you
> >will see a successful login for a trivial acct..chuck
> >
> >
> Thanks Chuck
>
> So was the script kiddie attacking trying ssh logins into other machines?
> I think I saw your earlier post and thought it was doing other things.
> You speaking of a successful login via ssh into a trivial account?
>
> We do use some pretty trivial accounts for the K and 1 kids.
>
> thanks
> >
> >
> >
>
>
>
> Shane Stafford, MCSE, MCT
> Director Information Services Glenburn School and Town
> Educational System Integrator/Network Engineer
> S & B Consulting
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>
---------------------------------------------
This message was sent from Downeast.Net.
http://ellsworthme.com/
More information about the K12OSN
mailing list