[99183] in RedHat Linux List

home help back first fref pref prev next nref lref last post

RE: break-in attempt

daemon@ATHENA.MIT.EDU (Matt Reynolds)
Thu Nov 12 17:39:59 1998

From: Matt Reynolds <MReynolds@XOL.com>
To: "'redhat-list@redhat.com'" <redhat-list@redhat.com>
Date: Thu, 12 Nov 1998 16:43:04 -0600
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com

Sure!  I have a few friends in the security field that would be interested.
And, if not simply for amusement, I'd be interested myself.  Any idea if it
was a new attack or simply an old one?  Is your box fully patched?  Anyway,
thanks.

		-----Original Message-----
		From:	Greg Fall [mailto:gmf@dweezil.dyn.ml.org]
		Sent:	Thursday, November 12, 1998 4:02 PM
		To:	redhat-list@redhat.com
		Subject:	break-in attempt

		Where should I send logs &c. corresponding to a break-in
attempt my
		machine suffered this morning (I mean is there an
organization that
		would want to see the files)?  The logs clearly indicate
scripted 
		efforts to get through potential leaks in various daemons
that were
		running at the time.  I noticed the break-in attempt while
it was
		happening, and quickly disconnected my computer from the
network.  I do
		not believe the attempt was a success, but I'm not sure.

		I assembled all the available information in /var/log from
the 23 
		minutes or so during which the attempt was made and put it
in 
		chronological order.  Anybody wanna volunteer to look over
the resulting
		112 kB collection and give me their impression?  Thanks,

		G.F.

	
--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--
		    ___
		   /.  \    Gregory Fall                Phone: 734-913-4662
		   \/  /    University of Michigan      Fax:   734-763-7130
		     \ \    2455 Hayward Street         email:
gmfall@engin.umich.edu
		   __/_/    Ann Arbor, MI 48109
gmf@dweezil.dyn.ml.org


		-- 
		  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING
LIST ARCHIVES!
				http://www.redhat.com
http://archive.redhat.com
		         To unsubscribe: mail redhat-list-request@redhat.com
with 
		                       "unsubscribe" as the Subject.


-- 
  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
		http://www.redhat.com http://archive.redhat.com
         To unsubscribe: mail redhat-list-request@redhat.com with 
                       "unsubscribe" as the Subject.
home help back first fref pref prev next nref lref last post