[Cialug] Suspicious Server
Jonathan C. Bailey
jbailey at co.marshall.ia.us
Thu Oct 11 09:28:12 CDT 2007
No.
Jonathan Bailey
Webmaster, Marshall County, Iowa
E: jbailey at co.marshall.ia.us
A: 1 E Main St, Marshalltown, IA 50158
P: 641-844-2804
C: 515-988-1021
----- Original Message -----
From: "Paul Gray" <gray at cs.uni.edu>
To: "Central Iowa Linux Users Group" <cialug at cialug.org>
Sent: Thursday, October 11, 2007 9:26:02 AM (GMT-0600) America/Chicago
Subject: Re: [Cialug] Suspicious Server
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, Oct 11, 2007 at 09:22:43AM -0500, Jonathan C. Bailey wrote:
> I've got a server that was acting a bit suspicious... I could SSH to it and navigate through files (ls/cd/cat/tail) without any issue, but if I tried to run a utility like ps/w/kill/chkrootkit, the SSH session would just hang. I rebooted the box and all seems to be fine and chkrootkit doesn't show anything out of place. The other utilities work as normal. This machine only has port 22 open to the world and only allows public key auth to it. Any thoughts on if this is truly suspicious, or is there something else that could cause these commands to just hang?
>
Are you using nis+ or ldap?
- --
Paul Gray -o)
314 East Gym, Dept. of Computer Science /\\
University of Northern Iowa _\_V
Message void if penguin violated ... Don't mess with the penguin
No one says, "Hey, I can't read that ASCII attachment ya sent me."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHDjJ6OH45TZW7mh4RAoqJAJ9H3qTqHRCbi2pqXaDiywlUd1JU6gCg44NJ
xB5cRM8HjIrQnRqVc6fjZIY=
=OkhK
-----END PGP SIGNATURE-----
_______________________________________________
Cialug mailing list
Cialug at cialug.org
http://cialug.org/mailman/listinfo/cialug
More information about the Cialug
mailing list