Mailinglist Archive: opensuse-security (343 mails)

Re: [suse-security] Possible compromised service
  • From: John Bland <shrike@xxxxxxxxxxxxx>
  • Date: Tue, 17 Jul 2001 00:27:15 +0100 (BST)
  • Message-id: <Pine.LNX.4.31.0107170021040.11061-100000@xxxxxxxxxxxxxxxxxxx>

Just a quick update as there's been a lot of private mailing going on.

I can't (after a reasonable amount of filesystem and network analysis)
find any evidence of how the compromise happened or what was being used to
upload the files. The most likely seems to be a trojan app of some sort.
If it's a rootkit it's a tricky one.

The system will now be heavily firewalled (we don't need overly much
access from offsite that secure things like ssh can't provide) and
reinstalled. It also gives me a good opportunity to 'upgrade' to 7.2
anyway ;0).

Thanks to anyone who mailed me, you've all given me lots of information
and support.

JB (just when you think things are going great...)

--
John Bland M.Phys (Hons) AMInstP / \ PhD Student & Sys Admin
Email: j.bland at cmp.liv.ac.uk / \ Condensed Matter Group
http://ringtail.cmp.liv.ac.uk/ / \ Liverpool University
"Hey, I wonder how much meat you get on a womble?" -- Eddie

