[445] in Intrusion Detection Systems
Were my server being hacked?
daemon@ATHENA.MIT.EDU (Ye Tun)
Wed Dec 6 13:26:27 1995
Date: Wed, 6 Dec 1995 21:14:55 +0700 (TST)
From: Ye Tun <ye@maia.cl.au.ac.th>
To: ids <ids@uow.edu.au>
Reply-To: ids@uow.edu.au
Dear admins,
Please read my little story first. We had one 800 G40 server and six
700/55 servers. Three of the 700/55 servers were using yp from the 800/G40
(which is fully patched), and the other three were standalone. Yesterday I
was out for one whole day, and this morning I found out that the three
servers which were not using yp (NIS) from the 800/G40 couldn't be reached
from any other servers. But one thing that surprises me is that one of those
servers can ping the gateway printer, which is connected in parallel. I
checked /etc/hosts and /etc/resolv.conf, and all of those are fine.
Here is a small diagram which might make you understand more.
| Standalone servers |
\ / to main router
---------------------------------------------------------------/
| | | \ / | \ /
800/G40 700/55 700/55 700/33 printer 700/55
{(yp) OK} Can ping can ping to using yp from 800/g40
only to 800/G40 with and doing fine
printer. 80% packets loss
All of them are HP-UX 7.04 and 7.03, and I do not see any trace of being
hacked. But who knows what happened? Can anyone tell me?
If there is nothing to solve, I will (have to) format and reinstall the
whole thing. So, I need to know where I can get the list of patches
(especially for security) for 700s.
Thanks.
P.S. If anyone wants a summary, I will summarize it. But please answer
urgently since I don't want my server to be down for more than 3 days.
Regards,
*[ Ye ]*