Date:      Sun, 25 Nov 2001 10:17:40 -0500
From:      "David Rhodus" <sdrhodus@wildcatblue.com>
To:        <billak@fox56.tv>
Cc:        <freebsd-isp@FreeBSD.ORG>
Subject:   Re: Attack on server, need help ASAP
Message-ID:  <000b01c175c4$534364d0$4d939dce@vghker>
References:  <Pine.LNX.4.33.0111251533340.16543-100000@sanyu1.sanyutel.com>

First thing you want to look at is 'ps auxgw' and see if there is
anything running that you don't know about.
Next, make sure you have lsof installed, then run 'lsof | grep LISTEN' and
see what all is taking connections.
If you then still don't see anything out of order, try doing a cvsup.
If it is a machine that you can take offline for a bit, I would, and do a
fresh install.

Hope that helps.

Thanks,

David Rhodus

----- Original Message -----
From: <ksemat@wawa.eahd.or.ug>
To: "Bill A. K." <billak@fox56.tv>
Cc: <freebsd-isp@FreeBSD.ORG>
Sent: Sunday, November 25, 2001 7:35 AM
Subject: Re: Attack on server, need help ASAP


>
>
> On Sat, 24 Nov 2001, Bill A. K. wrote:
>
> > My server was just attacked.........someone tried logging in telnet, and
> > apparently shut down the telnet daemon from trying (over 400
> > times)....there's NOTHING in the logs, the ips were on the screen, but stupid
> > me started typing stuff and now they're gone. Is there a way to get back
> > what was on the screen, like a history of stdout? Please, someone help,
> > asap, I would really appreciate it.
>
> Not a solution to your problem but I may as well ask:
>
> 1. Why are you running telnet when there is ssh?
> 2. Is your FreeBSD machine patched against the telnetd exploit which was
> released some months ago? If not, start looking for signs of intrusion and
> think of a reinstall.
>
> 3. Do a cvsup to the latest release or stable version of FreeBSD.
>
> Noah.
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
>
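
One way to make the 'lsof | grep LISTEN' check from the reply above repeatable, as an added example that is not part of the original thread: compare every listening socket against a known-good list and print only the ones that are not on it. The "command:port" allowlist format, the function name and the sample lsof lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listening sockets that are not on a known-good list.
# Input is `lsof -n -P -i` style text; the "command:port" allowlist format
# is an assumption made for this example.

# Constructed sample output, so the script runs without lsof installed.
SAMPLE_LSOF='COMMAND  PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
sshd     312 root    3u  IPv4 0xc1a2b3c4      0t0  TCP *:22 (LISTEN)
sendmail 340 root    4u  IPv4 0xc1a2b4d0      0t0  TCP *:25 (LISTEN)
inetd    298 root    5u  IPv4 0xc1a2b5e8      0t0  TCP *:23 (LISTEN)
sh       911 root    3u  IPv4 0xc1a2b7f0      0t0  TCP *:5002 (LISTEN)
sshd     950 root    4u  IPv4 0xc1a2b900      0t0  TCP 10.0.0.5:22->10.0.0.9:1042 (ESTABLISHED)'

# Listeners this host is expected to have (constructed).
ALLOWED='sshd:22 sendmail:25'

# unexpected_listeners ALLOWLIST   (reads lsof text on stdin)
# Prints "command pid user port" for every LISTEN socket not on the allowlist.
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $NF == "(LISTEN)" {
            port = $(NF - 1)
            sub(/.*:/, "", port)        # keep the text after the last colon
            key = $1 ":" port
            if (!(key in ok)) print $1, $2, $3, port
        }'
}

# Live use (run as root to see every process):
#   lsof -n -P -i | unexpected_listeners "$ALLOWED"
printf '%s\n' "$SAMPLE_LSOF" | unexpected_listeners "$ALLOWED"
```

On the sample input this reports the inetd listener on port 23 (telnet) and the shell bound to port 5002, and ignores the established ssh session.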