[nSLUG] computer compromised

Jeff White Jeff.White at Q9.com
Thu May 2 13:54:46 ADT 2002


dont blow the box away, learn from it.

; jeff, jeff at q9.com, www.q9.com
; there are two errors in in this signature


-----Original Message-----
From: Renouf, Phillip [mailto:prenouf at Mobility.com]
Sent: Thursday, May 02, 2002 9:43 AM
To: 'nslug at nslug.ns.ca'
Subject: RE: [nSLUG] computer compromised


You need to blow this box away and start from scratch. You will never know
if you have gotten all the backdoors, trojans, hacked programs and holes
that this guy used/installed. Start from scratch with an up to date distro
and apply every stinking security related patch you can find. Disable
anything you don't use and go from there.

Phil

> -----Original Message-----
> From: Miller [mailto:millerb at hfx.eastlink.ca] 
> Sent: Wednesday, May 01, 2002 9:45 PM
> To: Nslug (E-mail)
> Subject: [nSLUG] computer compromised
> 
> 
> I was wondering if anyone could help or known of script or 
> program called 
> sshdu I don't think its part of "shadow-utlis" or is it a 
> script to run 
> longside shadow,my intruder was very busy.I have been trying 
> to follow his 
> foot steps and disarm the programs that l find .I would hate 
> to reinstall 
> over them.
> I have followed some of the ip address that were lefted 
> ,should l notify 
> them that they to may have been compromised????????
>                                                           
> Thank Barry  
> 
> _______________________________________________
> nSLUG mailing list
> nSLUG at nslug.ns.ca http://nslug.ns.ca/cgi-bin/mailman/listinfo/nslug
> 
_______________________________________________
nSLUG mailing list
nSLUG at nslug.ns.ca
http://nslug.ns.ca/cgi-bin/mailman/listinfo/nslug
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nslug.ns.ca/mailman/private/nslug/attachments/20020502/d710b1cd/attachment.html>


More information about the nSLUG mailing list