Security Basics mailing list archives

Re: rooted


From: "Dev Null" <devj.nullj () gmail com>
Date: Fri, 17 Nov 2006 09:31:32 +0500

On 11/17/06, McGee, James <James.McGee () acs-inc com> wrote:


You've probably got a duff (compromised) version of ssh running.  Someone
has exploited this and now "owns" your machine


I would probably agree with you. rkhunter reported the ssh I was running to be
vulnerable. It allowed ssh version 1 as well.

What next?

Fdisk, start again, reinstall, patch the heck out of it and then connect to
the network.

Or, spend some time doing forensic investigations.


Forensics. Yes, I would like to. Any pointers that could help me with this?


How much time you got?

Either way don't trust the machine anymore and consider it a zombie for some
sort of botnet



Regards



James McGee, CISA, CISM, CISSP
Affiliated Computer Services, Inc.
Human Capital Management Solutions
Information Security & Privacy Office
EU Work +353 21 231 4715
US Work +1 214 416 3715
Mobile  +353 870 515 776
james.mcgee () acs-inc com
http://acs-inc.com
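The thread turns on one concrete symptom: rkhunter flagged the running ssh as vulnerable and noted that it still accepted SSH protocol 1. The following is an added example, not code from the list or from either poster, showing how a responder can confirm that finding from evidence that does not depend on the compromised host's own binaries: the text of `sshd_config` and the server's version banner as sent on connect. The config and the banners below are constructed samples; the `Protocol` keyword and the banner semantics (`SSH-1.99` = both protocols, `SSH-2.0` = protocol 2 only, `SSH-1.x` = protocol 1 only, per RFC 4253) are real OpenSSH/SSH behaviour, while the assumption that a missing `Protocol` line must be resolved against the banner rather than a hard-coded default is a deliberate choice because the default varied across OpenSSH releases of that era.

```python
"""Audit an OpenSSH server for legacy protocol 1 support (added example).

Two independent evidence sources are checked:
  1. the sshd_config text (may be copied off the disk image),
  2. the identification banner the server sends on connect.
Sample inputs are constructed for this example.
"""
import re

# Constructed sample sshd_config; "Protocol 2,1" is the weak setting.
SAMPLE_CONFIG = """\
# sshd_config (constructed sample)
Port 22
Protocol 2,1
PermitRootLogin yes
"""

# Constructed sample banners in the form a server sends on connect.
SAMPLE_BANNERS = [
    "SSH-1.99-OpenSSH_3.9p1",   # speaks protocol 1 and 2
    "SSH-2.0-OpenSSH_4.3",      # protocol 2 only
    "SSH-1.5-OpenSSH_2.9",      # protocol 1 only
]


def protocols_from_config(text):
    """Return the set of protocol versions enabled by the last Protocol line.

    Returns None when the file has no Protocol line: the release default
    then applies, and the caller should rely on the banner instead of
    assuming a value (assumption made for this example).
    """
    enabled = None
    for line in text.splitlines():
        # OpenSSH treats '#' as a comment marker and keywords case-insensitively.
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"(?i)protocol\s+(\S+)", line)
        if m:
            enabled = {int(v) for v in m.group(1).split(",") if v.strip().isdigit()}
    return enabled


def protocols_from_banner(banner):
    """Map an SSH identification string to the protocol versions it offers.

    RFC 4253: "SSH-1.99-..." means the server speaks both 1 and 2,
    "SSH-2.0-..." protocol 2 only, and "SSH-1.3"/"SSH-1.5" protocol 1 only.
    """
    m = re.match(r"SSH-(\d+\.\d+)-", banner)
    if not m:
        raise ValueError("not an SSH banner: %r" % banner)
    ver = m.group(1)
    if ver == "1.99":
        return {1, 2}
    if ver.startswith("2."):
        return {2}
    return {1}


def audit(config_text, banner):
    """Return a list of findings; an empty list means protocol 1 is not offered."""
    findings = []
    cfg = protocols_from_config(config_text)
    if cfg is None:
        findings.append("sshd_config has no Protocol line; release default applies, "
                        "rely on the banner")
    elif 1 in cfg:
        findings.append("sshd_config enables protocol 1 (Protocol %s)"
                        % ",".join(str(v) for v in sorted(cfg)))
    if 1 in protocols_from_banner(banner):
        findings.append("server banner %r offers protocol 1" % banner)
    return findings


if __name__ == "__main__":
    for b in SAMPLE_BANNERS:
        result = audit(SAMPLE_CONFIG, b)
        print(b, "->", result or ["no protocol 1 exposure found"])
```

The audit is deliberately evidence-based rather than trusting `sshd -V` or `rkhunter` output from the suspect host, which fits the thread's point that the machine itself can no longer be trusted; the config can be read from a mounted disk image and the banner captured from a clean workstation.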

