[Cialug] Suspicious Server

Jonathan C. Bailey jbailey at co.marshall.ia.us
Thu Oct 11 09:28:12 CDT 2007


Jonathan Bailey
Webmaster, Marshall County, Iowa
E: jbailey at co.marshall.ia.us
A: 1 E Main St, Marshalltown, IA 50158
P: 641-844-2804
C: 515-988-1021

----- Original Message -----
From: "Paul Gray" <gray at cs.uni.edu>
To: "Central Iowa Linux Users Group" <cialug at cialug.org>
Sent: Thursday, October 11, 2007 9:26:02 AM (GMT-0600) America/Chicago
Subject: Re: [Cialug] Suspicious Server

Hash: SHA1

On Thu, Oct 11, 2007 at 09:22:43AM -0500, Jonathan C. Bailey wrote:
> I've got a server that was acting a bit suspicious... I could SSH to it and navigate through files (ls/cd/cat/tail) without any issue, but if I tried to run a utility like ps/w/kill/chkrootkit, the SSH session would just hang. I rebooted the box and all seems to be fine and chkrootkit doesn't show anything out of place. The other utilities work as normal. This machine only has port 22 open to the world and only allows public key auth to it. Any thoughts on if this is truly suspicious, or is there something else that could cause these commands to just hang?

Are you using nis+ or ldap?

- -- 
Paul Gray                                         -o)
314 East Gym, Dept. of Computer Science           /\\
University of Northern Iowa                      _\_V
Message void if penguin violated ...  Don't mess with the penguin
No one says, "Hey, I can't read that ASCII attachment ya sent me."
Version: GnuPG v1.4.6 (GNU/Linux)

Cialug mailing list
Cialug at cialug.org

More information about the Cialug mailing list