[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] quite ot -but i need help about security
>From which IP was this mysterious root connected? To which site was he FTPing? Were the logs deleted recently? Were sensitive programs, such as su, modified recently? You can find much more information at: http://www.enteract.com/~lspitz/ http://project.honeynet.org/papers/enemy/ HTH Michael. -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Monday, March 26, 2001 3:16 PM To: [email protected] Subject: [FW1] quite ot -but i need help about security Hi ALL: this is quite ot but I know that a lot of you here knows a lot about security. just a while ago, the named program on one of our servers wasn't fxning (all lookups failed in logs). when i did a ps -ef, i notice that root was ftping to a certain site. I called my partner, and he said that he didn't login. I also did a who, and indeed only my id showed. i looked at all the logs and didn't see any trace of root.... my only proof was the ps -ef output :-( q: can anyone send me tips on how to track that mysterious "root" ? Sorry again for this ot question. Thanks, -botp ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|