On Fri, 2008-02-22 at 23:17 +0100, Wolfgang Woehl wrote:
Donnerstag, 21. Februar 2008 Pavol Rusnak:
Just for the record, emech is energymech* - IRC bot programmed in C, similar to eggdrop*, no exploit or rootkit fortunately.
Hi Pavol, I think what you say is naive at best. "Botnet" ring a bell?
Pavol RUSNAK SUSE LINUX, s.r.o Package Maintainer Lihovarska
You seem to maintain tcpdump, libpcap, iptables and I sincerely hope that you don't take the same easygoing approach with those.
I think the hack is indeed as described. It was not really messing up my system. It used it as a stage to probe other systems. I got a visit from our IT department that there was a complaint about this server from some external site. I was not surprised. It seems that the password changes have resolved the issue. At least for now. I will have to keep watch for something else. But I do not think the system was compromised. In summary, I would say a user let someone use his account to run some unexpected software.
Wolfgang
-- Roger Oberholtzer OPQ Systems / Ramböll RST Ramböll Sverige AB Kapellgränd 7 P.O. Box 4205 SE-102 65 Stockholm, Sweden Tel: Int +46 8-615 60 20 Fax: Int +46 8-31 42 23 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org