On Thu, 2005-04-28 at 09:41 -0400, Matthew Miller wrote: > On Thu, Apr 28, 2005 at 08:14:44AM -0500, Aleksandar Milivojevic wrote: > > Was it controlled? Was it really limited? Judging from original post, > > I wouldn't be suprised if his entire local network got infected. > > I'd be somewhat surprised, given that the attackers here seemed > run-of-the-mill, but you're right, definitely something to check for. > >From the attack vector, the attackers seemed run of the mill. >From the OPs comments, this attack could easily have infected any and all machines on his network. The OP even did not have any concept of the effects of running UNKNOWN programs that obviously were put on his system by an attacker and yet he executed the program as root himself. Ignorance is not an excuse for an SA to make mistakes that can be deadly and in this case may easily have infected many other machines. As was stated by Aleksander, I will be surprised if the rest of his network did not also get infected. > > >Sure. But it doesn't hurt to investigate what happened. It's educational. > > Sure, investigate. Learn. And then wipe off the harddrives. > > Agreed. > > -- > Matthew Miller mattdm@xxxxxxxxxx <http://www.mattdm.org/> > Boston University Linux ------> <http://linux.bu.edu/> > Current office temperature: 75 degrees Fahrenheit. >
