[1828] in SIPB_Linux_Development
more breakins
daemon@ATHENA.MIT.EDU (Patrick McCormick)
Tue Sep 30 02:23:27 1997
Date: Tue, 30 Sep 1997 02:24:40 -0400
From: Patrick McCormick <pmccormi@MIT.EDU>
To: linux-dev@MIT.EDU

From the Dimwit-Files:

FRIEND: "Hey, Pat, why can't I telnet to my machine anymore?"
ME: "Hmm, dunno, let me try." (kerb telnet, he has no srvtab,
I punch in the PW anyway.)
[20 minutes pass]
FRIEND: "Hey, Pat, I got hacked."

So we have another machine, attacked reasonably recently. All four people
whose passwords were captured in the /dev/.mang file were notified (we're
all on the same floor) and I told my friend to shut the machine off for the
time being. Apparently someone got to his machine reasonably recently; the
.mang file just has about 20 entries.

This was on the 18.247.*.* subnet.

If someone could send mail as to what I should do with the infected machine
(besides reinstalling Linux) I'd appreciate it.

--Pat