[nSLUG] computer compromised

Peter Cordes peter at llama.nslug.ns.ca
Thu May 2 22:48:50 ADT 2002

On Wed, May 01, 2002 at 10:44:34PM -0300, Miller wrote:
> I was wondering if anyone could help or knows of a script or program called
> sshdu

 The name is closest to sshd, which is the secure shell daemon.  Almost
everybody has sshd running if they have any remotely accessible daemons
running at all.  It might be something like sshd, but I'd guess that the
name is just similar so you might not notice it among other sshd processes.
(sshd forks a copy of itself for every remote login, so having several
running is normal.)

> I don't think it's part of "shadow-utils", or is it a script to run
> alongside shadow? My intruder was very busy. I have been trying to follow his
> footsteps and disarm the programs that I find. I would hate to reinstall
> over them.
> I have followed some of the IP addresses that were left; should I notify
> them that they too may have been compromised????????

 Yes, especially if they look up to university or company computers.  It's
probably not very easy to contact someone based on a dialup IP address for
their home computer.  For computers in a univ. or company, you can notify
the tech people for the whole organization and let them sort it out.

#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter at llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE
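
The lookalike-name point above (a process such as sshdu hiding among the normal per-login sshd copies), as an added example that is not part of the original post: a check that flags process names one edit away from "sshd", and sshd itself running from an unexpected path. The listing format, PIDs, paths and the expected sshd location are constructed assumptions.

```python
LEGIT_NAME = "sshd"
EXPECTED_EXE = "/usr/sbin/sshd"   # assumption: usual install path, adjust per system
ALLOW = {"ssh"}                   # legitimate names that are also one edit away

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def parse_listing(text):
    """Parse 'PID NAME EXE' lines (constructed format) into tuples."""
    rows = []
    for line in text.strip().splitlines():
        pid, name, exe = line.split(None, 2)
        rows.append((int(pid), name, exe.strip()))
    return rows

def suspicious(rows, max_dist=1):
    """Return (pid, name, reason) for lookalike names or misplaced sshd."""
    hits = []
    for pid, name, exe in rows:
        if name in ALLOW:
            continue
        dist = edit_distance(name, LEGIT_NAME)
        if 0 < dist <= max_dist:
            hits.append((pid, name, "name resembles sshd"))
        elif dist == 0 and exe != EXPECTED_EXE:
            hits.append((pid, name, "sshd running from unexpected path"))
    return hits

# Constructed sample listing, not taken from the thread.
SAMPLE = """
  412 sshd   /usr/sbin/sshd
 2291 sshd   /usr/sbin/sshd
 2310 bash   /bin/bash
  777 ssh    /usr/bin/ssh
  501 sh     /bin/sh
 3377 sshdu  /tmp/sshdu
 3391 sshd   /tmp/sshd
"""

if __name__ == "__main__":
    for hit in suspicious(parse_listing(SAMPLE)):
        print(hit)
```

On a machine that is already compromised the process-listing tools may themselves have been replaced, so the listing fed to a check like this should come from known-good binaries.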

