[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] quite ot -but i need help about security
thanks a lot, Michael. I will check on the sites now.... > -----Original Message----- > From: Michael Liberte [mailto:[email protected]] > Sent: Tuesday, March 27, 2001 3:36 AM > To: '"Pe?a, Botp"'; [email protected] > Subject: RE: [FW1] quite ot -but i need help about security > > > From which IP was this mysterious root connected? > To which site was he FTPing? > Were the logs deleted recently? > Were sensitive programs, such as su, modified recently? > > You can find much more information at: > http://www.enteract.com/~lspitz/ > http://project.honeynet.org/papers/enemy/ > HTH > Michael. > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > Sent: Monday, March 26, 2001 3:16 PM > To: [email protected] > Subject: [FW1] quite ot -but i need help about security > > > > Hi ALL: > > this is quite ot but I know that a lot of you here knows a lot about > security. > > just a while ago, the named program on one of our servers > wasn't fxning > (all lookups failed in logs). when i did a ps -ef, i notice > that root was > ftping to a certain site. I called my partner, and he said > that he didn't > login. I also did a who, and indeed only my id showed. > > i looked at all the logs and didn't see any trace of root.... > my only proof > was the ps -ef output :-( > > q: can anyone send me tips on how to track that mysterious "root" ? > > Sorry again for this ot question. > > Thanks, > -botp ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|