Security Incidents: Re: Unusual Message log contents

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: Unusual Message log contents

From: Mark Newby <mark () dranton com>
Date: Wed, 08 May 2002 13:13:40 +0100

Gregory Kane wrote:

Ok - I'm not totally sure what is going on here. Doesanyone have a thought about this entry in my message.logfile?

I saw this sort of stuff prior-to/during/after a Red Hat Linux 7.2 Webserver was cracked into an used by crackers to install IRC bots,sniffers, trojaned servers (ftp server), etc.

I'd check for rogue files, rootkits, etc. a good start is to runchkrootkit (<www.chkrootkit.org>). there's lots of FAQs, etc on the wwwthat explain the steps to go through in detecting if you've beencompromised and how to recover.



mark


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.

For more information on this free incident handling, managementand tracking system please see: http://aris.securityfocus.com

By Date By Thread

Current thread:

Unusual Message log contents Gregory Kane (May 06)
- Re: Unusual Message log contents Mark Newby (May 08)