[Herts] RE: Blade Server (Debian) compromised. Update 2

nicolas nicolas at jetblackjelly.com
Thu Jun 23 00:10:14 BST 2005


Thanks for everyone's advice, in particular Dave, whose IM and SSH work
was very helpful. Critically saving a lot of time and, I strongly
suspect, an ISP unplugging. (Never pleasant)
We now have things contained, and tidied. More investigation tomorrow!
When, service will be resumed.

Now pending a reload to the latest Debian. Although Gentoo is, I have to
say, kind of tempting.


The two other problems we had... These have now been killed off..

netstat -anp | grep 22

a lot of connections


blade039:/home/m1hog/blade/chkrootkit-0.45# netstat -anp | grep 31337
tcp        0      0 *
LISTEN      29688/psybnc


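Added example, not part of the original message: `grep 22` also matches PIDs, addresses and longer port numbers that contain "22", so this sketch filters `netstat -anp` output on the exact port field instead. The sample lines are constructed (documentation addresses), and the function names `sample_netstat`, `port_sockets` and `listeners` are hypothetical.

```shell
#!/bin/sh
# Exact-port filtering of `netstat -anp` output (added illustration).
# The sample below is constructed; only 31337 and 29688/psybnc echo the message.

sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      412/sshd
tcp        0      0 0.0.0.0:31337           0.0.0.0:*               LISTEN      29688/psybnc
tcp        0      0 192.0.2.10:22           198.51.100.7:40222      ESTABLISHED 2210/sshd
tcp        0      0 192.0.2.10:2222         203.0.113.22:51000      ESTABLISHED 3001/app
tcp        0      0 192.0.2.22:8080         203.0.113.5:51022       TIME_WAIT   -
udp        0      0 0.0.0.0:68              0.0.0.0:*                           522/dhclient
EOF
}

# port_sockets PORT
# Reads netstat output on stdin and prints "state local foreign owner" for
# TCP sockets whose local or remote port is exactly PORT.
port_sockets() {
    awk -v port="$1" '
        $1 ~ /^tcp/ {
            # The port is the last colon-separated field (also true for tcp6).
            n = split($4, l, ":"); lp = l[n]
            m = split($5, r, ":"); rp = r[m]
            if (lp == port || rp == port)
                print $6, $4, $5, $7
        }'
}

# listeners
# Prints every listening TCP socket with its owning PID/program, so an
# unexpected service stands out without knowing its port in advance.
listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" { print $4, $7 }'
}

echo "substring match (grep 22): $(sample_netstat | grep -c 22) lines"
echo "exact port 22:"
sample_netstat | port_sockets 22
echo "listening sockets:"
sample_netstat | listeners
```

On a host suspected of being rootkitted, the installed `netstat` may itself have been replaced, so run the same filter over output from a known-good binary as well.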