Re: Unusual Message log contents

[Mark Newby <mark () dranton com>]

Gregory Kane wrote:
> Ok - I'm not totally sure what is going on here. Does 
> anyone have a thought about this entry in my message.log 
> file?

I saw this sort of stuff prior-to/during/after a Red Hat Linux 7.2 Web 
server was cracked into an used by crackers to install IRC bots, 
sniffers, trojaned servers (ftp server), etc.

I'd check for rogue files, rootkits, etc.  a good start is to run 
chkrootkit (<www.chkrootkit.org>).  there's lots of FAQs, etc on the www 
that explain the steps to go through in detecting if you've been 
compromised and how to recover.


mark


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com