ssh-scan
Greg Wiggill
gregw at pronto.com.au
Tue May 9 01:27:26 UTC 2006
Thanks for the replies. Chkrootkit works really well and is easy to use
but didn't find anything.
I did find however scan.tgz, relaycheck.pl, a sendmail directory in /tmp
with references to ebay, 60,000 entries in mailq and more.
There were 60 odd processes called 'brute' which had a parameter of
'100' !
Cleaned it all up (which seems to have stemmed the $200/hr internet/data
bill) and will probably rebuild later in the week.
Thanks
Greg
-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of John van Zantvoort
Sent: Monday, 8 May 2006 6:39 PM
To: General Red Hat Linux discussion list
Subject: Re: ssh-scan
Greg,
the two needn't be related but as Karl sugested checking your system and
beefing up security seems prudent. Also if your system is connected to a
localnetwork see if any security scans are done.
For me checking my own security through e.g. nessus, nmap, chkrootkit
helped identify security flaws that where a result of (my) poor
installation skills or someone elses doing before anyone else found
them. Regularly checking your own security is good practise anyway.
If you really need ssh access try looking at
http://chrootssh.sourceforge.net/ this way you can limit access to a
system through use of a chrooted login.
--
Met vriendelijke groeten/with kind regards
John van Zantvoort
---
Paranoia is simply an optimistic outlook on life.
GCM d- s+:+ a- C+ UL+++ P+++ L++ E--- W++ N+ o K-
w-- O- M- V- PS+ PE- Y+ PGP+ t+ 5 X- R- tv b+ DI++
D+ G e h- r++ y+
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
More information about the redhat-list
mailing list