[CLUE-Tech] Hack attempt

ian iguy at ionsphere.org
Mon Aug 6 10:11:56 MDT 2001


More information is needed.

1) Is PostgreSQL accessible from the net? If so, why?

2)  Are you running snort or tripwire or some other IDS type of system?

ian

On Mon, Aug 06, 2001 at 09:38:19AM -0700, grant wrote:
> Last night at 00:46, I had someone trying to connect to many ports on one
> of my machines.  All of the connections were refused.  About 15 minutes
> later, the other machine locked up.  I couldn't even switch virtual
> terminals.
> 
> I saw no evidence of a break-in (nothing weird in the logs, /etc/passwd,
> /etc/groups, processes running, etc.)  Is this most likely a coincidence,
> a hack attempt that crashed the machine, or something successful?  Where
> is best to look?
> 
> I do not know of any remote crash vulnerabilities in any of my software,
> and I keep everything up to date as far as patches.  TCP wrappers shut
> down the connections to machine 1, and machine 2 (the one that locked up)
> answers only to HTTP, SSH, and PostgreSQL. It does allow SMB and NFS and
> YP, but only to the 2 machines on my local network.
> 
> ______________________________________________________________________________
> 
>                           Your mouse has moved.
>        You must restart Windows for your changes to take effect.
> 
> #!/usr/bin/perl
> print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);
> 
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech


