Roger Oberholtzer wrote:
On Fri, 2008-02-22 at 23:17 +0100, Wolfgang Woehl wrote:
Donnerstag, 21. Februar 2008 Pavol Rusnak:
Just for the record, emech is energymech* - IRC bot programmed in C, similar to eggdrop*, no exploit or rootkit fortunately. Hi Pavol, I think what you say is naive at best. "Botnet" ring a bell?
Pavol RUSNAK SUSE LINUX, s.r.o Package Maintainer Lihovarska You seem to maintain tcpdump, libpcap, iptables and I sincerely hope that you don't take the same easygoing approach with those.
I think the hack is indeed as described. It was not really messing up my system. It used it as a stage to probe other systems. I got a visit from our IT department that there was a complaint about this server from some external site. I was not surprised. It seems that the password changes have resolved the issue. At least for now. I will have to keep watch for something else. But I do not think the system was compromised. In summary, I would say a user let someone use his account to run some unexpected software.
A user like that needs two weeks unpaid vacation, so that in the future, he can think more clearly at work before "loaning" his account to some who wants to use it for "unexpected software" -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org