[Herts] RE: Blade Server (Debian) compromised. Update 2
nicolas
nicolas at jetblackjelly.com
Thu Jun 23 00:10:14 BST 2005
Hi,
Thanks for everyone's advice, in particular Dave, whose IM and SSH work
was very helpful, critically saving a lot of time and, I strongly
suspect, an ISP unplugging. (Never pleasant.)
We now have things contained and tidied. More investigation tomorrow,
when service will be resumed.
Now pending a reload to the latest Debian. Although Gentoo is, I have to
say, kind of tempting.
Regards
Nicolas
The two other problems we had... These have now been killed off..
netstat -anp | grep 22
a lot of connections
********************
blade039:/home/m1hog/blade/chkrootkit-0.45# netstat -anp | grep 31337
tcp        0      0 0.0.0.0:31337           0.0.0.0:*               LISTEN     29688/psybnc
***************************