[vox-tech] not sure what to call it
Shwaine
vox-tech@lists.lugod.org
Sat, 13 Apr 2002 14:33:54 -0700
You mentioned having SSH running. What other services do you have
running? Have you patched SSH for the off by one error? Have you
patched for other security problems? I get hit constantly by scans
for vulnerable SSH, FTP, RPC, etc Linux boxes (not as constantly
as MS IIS scans though). If you have not secured your box from the
outside, then you should consider the possibility it has been hacked.
A quick check of this would be to reinstall with hardening measures
before putting it back on the Internet and see if the problem goes
away. Include a tripwire or md5sum run in your hardening measures,
burning the results to CD (preferably bootable), so you can check
for a hack more easily in the future.
Shwaine the Wandering Arch of Malevolence
--------------------------------------------------------------
http://www.malevolence.com http://www.shwaine.com
telnet://shwaine.dyn.greystoneapts.com:3000