Re: brute force ssh attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: fedora-list@xxxxxxxxxx
Subject: Re: brute force ssh attack
From: "Daniel Kirsten" <Daniel.Kirsten@xxxxxxx>
Date: Wed, 27 Apr 2005 17:14:51 +0200 (MEST)
List-archive: <https://www.redhat.com/archives/fedora-list>
List-help: <mailto:[email protected]?subject=help>
List-id: For users of Fedora Core releases <fedora-list.redhat.com>
List-post: <mailto:[email protected]>
List-subscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=subscribe>
List-unsubscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=unsubscribe>
Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>

>Daniel -- did you happen to run any of the commands in the compromised user
>account as root?

Yesterday, I examined the directory ~daikanyama/.undernet and probably I 
executed mech as root. The file mech is indeed infected by Linux/Rst-B.   
This explains everything.......


Does anyone know whether .undernet/mech has another purpose than 
distributing the Linux/Rst-B virus???




-- 
+++ Sparen beginnt mit GMX DSL: http://www.gmx.net/de/go/dsl

Follow-Ups:
- Re: brute force ssh attack
  - From: Matthew Miller

Prev by Date: Re: Fedora Core brevity vs server upgrades
Next by Date: Re: Proper way to install new kernel 2.6.11.7 into Fedora Core 3
Previous by thread: Re: brute force ssh attack
Next by thread: Re: brute force ssh attack
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]