Mailinglist Archive: opensuse-security (363 mails)

Re: [suse-security] have I been invaded?
  • From: Richard <ratcheson@xxxxxxxxxxxxx>
  • Date: 03 Jun 2003 22:08:46 -0500
  • Message-id: <1054696125.3113.370.camel@xxxxxxxxxxxxxxxxxxxx>
On Tue, 2003-06-03 at 18:45, John Andersen wrote:
> On Tuesday 03 June 2003 14:05, Richard wrote:
> > My logs showed that I was constantly being scanned for ports 80, and the
> > other Windows-based ports like 443 and 1434. Also I saw a lot of
> > scans by Korean and Chinese URLs hitting my higher ports like 27374.
> > One day I noticed things were not quite right. It's hard to describe
> > what was going on, so I downloaded and fired up the chkrootkit app and
> > sure enough, I had been invaded.
>
> If you saved your config files from the old installation, check your
> sshd_config to see if you had enabled ssh1.

Nope, I didn't save that particular config file. I looked through the
current sshd_config file but cannot see where ssh1 is enabled. The man
page wasn't any help either. I went through it 3 times but cannot see
where ssh1 is enabled. What am I looking for?
>
> I have heard of 3 different suse 7.3 boxes rooted in the last 4 weeks
> and the only thing in common was ssh1 available from the net.

Is that the Protocol setting by chance?
Thanks,
Richard
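
The check discussed in this message, as an added example that is not part of the original mail: a shell function that reads an sshd_config and reports whether the `Protocol` directive leaves SSH protocol 1 available. The function name `ssh1_status`, the sample config and the fallback default of `2,1` (used when no `Protocol` line is present, as on OpenSSH releases of that era) are assumptions of this example.

```shell
#!/bin/sh
# Added example: report whether an sshd_config permits SSH protocol 1.
# Assumption: an old OpenSSH sshd whose built-in default, when no Protocol
# line is present, is "2,1". Adjust DEFAULT_PROTOCOL for other versions.
DEFAULT_PROTOCOL="2,1"

# ssh1_status FILE
# Prints "enabled" or "disabled", then where the value came from.
ssh1_status() {
    awk -v def="$DEFAULT_PROTOCOL" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        tolower($1) == "protocol" && !seen {    # keywords are case-insensitive;
            val = $2; seen = 1                  # sshd uses the first value it reads
        }
        END {
            src = seen ? "explicit" : "default"
            if (!seen) val = def                # a commented-out line changes nothing
            n = split(val, v, ",")
            state = "disabled"
            for (i = 1; i <= n; i++) if (v[i] == "1") state = "enabled"
            printf "%s (%s Protocol %s)\n", state, src, val
        }' "$1"
}

# Constructed sample config: the Protocol line is commented out,
# so the assumed default applies and protocol 1 is still offered.
sample=$(mktemp)
printf '%s\n' 'Port 22' '#Protocol 2' 'PermitRootLogin no' > "$sample"
ssh1_status "$sample"
rm -f "$sample"
```

A result of `enabled` from a `default` source means the file never sets `Protocol` at all, which is why searching the file for "ssh1" finds nothing.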

