[Cialug] Attack troubleshooting?

kristau kristau at gmail.com
Mon Feb 28 22:44:35 CST 2011


How you proceed depends a lot on the nature or role of that system. Is
it a personal system, or a production/commercial one? If it is the
latter, you should seek professional help. Otherwise, I'd recommend
disconnecting it from the network (don't power it down, yet) and
checking it for root kits.

On Mon, Feb 28, 2011 at 10:23 PM, L. V. Lammert <lvl at omnitec.net> wrote:
> Just had a Centos 5.5 box come under some sort of attack ... it appears
> that there is something ON the box that was trying to connect to an
> outside IP.
>
> Any thoughts on how to isolate the cause? I finally got into the box by
> playing with the firewall, but don't see any logins or anything untoward
> in ps.
>
>        Lee



-- 
Tired programmer
Coding late into the night
The core dump follows

