[Cialug] Attack troubleshooting?

Nathan C. Smith nathan.smith at ipmvs.com
Mon Feb 28 22:37:22 CST 2011


Rootkit?  They are hard to detect.  Sorry if I sound naive, but are you sure it isn't an update mechanism or something with multicast or UPnP?

Are you running any WWW CMS?  I had Drupal get owned on one of my boxes several years ago.

-Nate


-----Original Message-----
From: cialug-bounces at cialug.org [mailto:cialug-bounces at cialug.org] On Behalf Of L. V. Lammert
Sent: Monday, February 28, 2011 10:23 PM
To: Central Iowa Linux Users Group
Subject: [Cialug] Attack troubleshooting?

Just had a CentOS 5.5 box come under some sort of attack ... it appears that there is something ON the box that was trying to connect to an outside IP.

Any thoughts on how to isolate the cause? I finally got into the box by playing with the firewall, but don't see any logins or anything untoward in ps.

	Lee