Date: Sun, 25 Nov 2001 10:17:40 -0500
From: "David Rhodus" <sdrhodus@wildcatblue.com>
To: <billak@fox56.tv>
Cc: <freebsd-isp@FreeBSD.ORG>
Subject: Re: Attack on server, need help ASAP
Message-ID: <000b01c175c4$534364d0$4d939dce@vghker>
References: <Pine.LNX.4.33.0111251533340.16543-100000@sanyu1.sanyutel.com>

The first thing you want to look at is 'ps auxgw' and see if there is anything
running that you don't know about. Next, make sure you have lsof installed,
then run 'lsof | grep LISTEN' and see what is taking connections.

If you still don't see anything out of order, try doing a cvsup.
If it is a machine that you can take offline for a bit, I would, and do a
fresh install.

Hope that helps.

Thanks,
David Rhodus

----- Original Message -----
From: <ksemat@wawa.eahd.or.ug>
To: "Bill A. K." <billak@fox56.tv>
Cc: <freebsd-isp@FreeBSD.ORG>
Sent: Sunday, November 25, 2001 7:35 AM
Subject: Re: Attack on server, need help ASAP

>
>
> On Sat, 24 Nov 2001, Bill A. K. wrote:
>
> > My server was just attacked... someone tried logging in telnet, and apparently shut down the telnet daemon from trying (over 400 times)... there's NOTHING in the logs, the IPs were on the screen, but stupid me started typing stuff and now they're gone. Is there a way to get back what was on the screen, like a history of stdout? Please, someone help, asap, I would really appreciate it.
>
> Not a solution to your problem but I may as well ask:
>
> 1. Why are you running telnet when there is ssh?
> 2. Is your FreeBSD machine patched against the telnetd exploit which was
> released some months ago? If not, start looking for signs of intrusion and
> think of a reinstall.
>
> 3. Do a cvsup to the latest release or stable version of FreeBSD.
>
> Noah.
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
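The 'lsof | grep LISTEN' check from the reply above, taken one step further as an added example that is not part of the original e-mail: instead of eyeballing the listeners, compare them against the services the host is supposed to offer. The allowlist, the function names and the sample lsof lines are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag listening sockets that are not on an expected list.
# EXPECTED and the sample lsof output below are constructed for illustration.

# Expected "command:port" pairs for this host (assumption: adjust per host).
EXPECTED="sshd:22 sendmail:25 httpd:80"

# Reads lsof output on stdin and prints "command pid user port" for every
# LISTEN socket whose command:port pair is not in the allowlist given as $1.
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $NF == "(LISTEN)" {
            port = $(NF - 1)            # NAME column, e.g. *:22 or [::1]:25
            sub(/^.*:/, "", port)       # keep only what follows the last colon
            key = $1 ":" port
            # Report each unexpected command/pid/port combination once.
            if (!(key in ok) && !seen[key, $2]++)
                print $1, $2, $3, port
        }'
}

# Constructed sample in the column layout lsof prints for network files.
sample_lsof() {
    cat <<'EOF'
COMMAND   PID   USER FD TYPE DEVICE     SIZE/OFF NODE NAME
sshd      101   root 3u IPv4 0xc0de0001 0t0      TCP  *:22 (LISTEN)
sendmail  145   root 4u IPv4 0xc0de0002 0t0      TCP  127.0.0.1:25 (LISTEN)
inetd      87   root 5u IPv4 0xc0de0003 0t0      TCP  *:23 (LISTEN)
httpd     210   www  16u IPv4 0xc0de0004 0t0     TCP  *:80 (LISTEN)
unknownd 4242 nobody 3u IPv4 0xc0de0005 0t0      TCP  *:6667 (LISTEN)
sshd      977   root 4u IPv4 0xc0de0006 0t0      TCP  192.0.2.10:22->198.51.100.7:51515 (ESTABLISHED)
EOF
}

# On a live host, feed it real output with numeric ports instead:
#   lsof -nP -i | unexpected_listeners "$EXPECTED"
sample_lsof | unexpected_listeners "$EXPECTED"
```

Anything the function prints is a listener to explain before trusting the box again; here that is the telnet port held by inetd and one unknown daemon.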