[CLUE-Tech] Hack attempt

Mon Aug 6 10:38:19 MDT 2001

Last night at 00:46, I had someone trying to connect to many ports on one
of my machines.  All of the connections were refused.  About 15 minutes
later, the other machine locked up.  I couldn't even switch virtual
terminals.

I saw no evidence of a break in (nothing weird in the logs, /etc/passwd,
/etc/groups, processes running, etc.)  Is this most likely a coincidence,
a hack attempt that crashed the machine, or something successful?  Where
is best to look?

I do not know of any remote crash vulnerabilities in any of my software,
and I keep everything up to date as far as patches.  TCP wrappers shut
down the connections to machine 1, and machine 2 (the one that locked up)
answers only to HTTP,  SSH, and PostgreSQL. It does allow SMB and NFS and
YP, but only to the 2 machines on my local network.

______________________________________________________________________________

                          Your mouse has moved.
       You must restart Windows for your changes to take effect.

#!/usr/bin/perl
print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);