Need urgent help regarding security

Timothy Smith timothy at open-networks.net
Thu Nov 17 20:42:49 PST 2005


I have seen a similar attack recently doing a brute force on ssh. The 
number ONE weakness in most poorly run IT systems is easy passwords. 
It's amazingly easy to brute force these systems using common names or 
variations of them.

In my instance they used it to join a botnet on an Undernet IRC 
channel. And yes, attempting to track them down will be a waste of time 
unless they have intruded on a very, very sensitive system and you have 
enough money to back an overseas legal battle.

Check in /tmp and see if anything is running in there; lots of times /tmp 
is mounted with exec and they use it to run their scripts.

>
>> Good Day!
>>
>> I think we have a serious problem. One of our old
>> servers running FreeBSD 4.9 has been compromised and
>> is now connected to an ircd server..
>> 195.204.1.132.6667     ESTABLISHED
>>
>> However, we still haven't brought the server down, in
>> an attempt to track the intruder down. Right now we
>> are clueless as to what we need to do..
>> Most of our servers are running legacy operating
>> systems (old versions, mostly FreeBSD). Also, that
>> particular server is running ProFTPD Version 1.2.4,
>> which someone has suggested has a known
>> vulnerability..
>>
>> I really need all the help I can get, as the
>> administration of those servers was just transferred
>> to us by the former admins. The server is used for ftp.
>>
>> Thanks..
>>
>>
>> _______________________________________________
>> freebsd-security at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-security
>> To unsubscribe, send any mail to "freebsd-security- 
>> unsubscribe at freebsd.org"
>
>
>     -- Johan Berg
>
>
>
>
>
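The two checks discussed in this thread, finding which process owns the ESTABLISHED connection to 195.204.1.132:6667 and looking for anything running out of /tmp, can be done without touching the intruder's files if you save command output first and inspect it elsewhere. The script below is an added example and is not from the thread or from FreeBSD; it parses saved `sockstat -4`, `ps -axo pid,user,command` and `mount` output, and the three sample outputs embedded in it are constructed for the example (the IRC peer is the one from the original post, the `httpd`-in-/tmp process is invented). The column layout is assumed to match those FreeBSD tools; check the header line of your own output before trusting the field numbers.

```shell
#!/bin/sh
# Added example, not from the original thread: offline triage helpers for a
# host suspected of running an IRC bot. Each function parses the output of a
# FreeBSD command read from stdin, so it can be run against saved output
# from the compromised box. The sample outputs below are constructed, not
# captured from the poster's server; column order is assumed to match
# FreeBSD sockstat(1), ps(1) and mount(8).

# Constructed sample of `sockstat -4`.
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       411   4  tcp4   10.0.0.5:22           10.0.0.9:51022
ftp      proftpd    398   3  tcp4   10.0.0.5:21           10.0.0.9:51030
ftp      httpd      9127  3  tcp4   10.0.0.5:33891        195.204.1.132:6667'

# Constructed sample of `ps -axo pid,user,command`.
SAMPLE_PS='  PID USER     COMMAND
  398 ftp      proftpd: (accepting connections)
 9127 ftp      /tmp/.x/httpd -c /tmp/.x/conf
  411 root     /usr/sbin/sshd'

# Constructed sample of `mount` output: /tmp is its own filesystem but is
# mounted without noexec, the situation Timothy describes.
SAMPLE_MOUNT='/dev/ad0s1a on / (ufs, local)
/dev/ad0s1e on /tmp (ufs, local, soft-updates)
/dev/ad0s1f on /usr (ufs, local, soft-updates)'

# bot_pids PEER: print "PID COMMAND USER" for each socket whose foreign
# address is PEER (e.g. 195.204.1.132:6667). sockstat output on stdin.
bot_pids() {
    awk -v peer="$1" 'NR > 1 && $7 == peer { print $3, $2, $1 }'
}

# tmp_procs: print "PID COMMAND ARGS..." for processes whose executable
# path starts with /tmp/. ps output on stdin.
tmp_procs() {
    awk 'NR > 1 && $3 ~ /^\/tmp\// {
        pid = $1; $1 = ""; $2 = ""; sub(/^ +/, ""); print pid, $0
    }'
}

# tmp_noexec: exit 0 if /tmp is a separate filesystem mounted noexec,
# 1 otherwise (including when /tmp is just a directory on /).
# mount output on stdin.
tmp_noexec() {
    awk '$3 == "/tmp" { found = 1; if ($0 ~ /noexec/) ok = 1 }
         END { exit (found && ok) ? 0 : 1 }'
}

# Walk the constructed samples the way you would walk the saved outputs.
triage() {
    peer="$1"
    echo "== processes talking to $peer"
    printf '%s\n' "$SAMPLE_SOCKSTAT" | bot_pids "$peer"
    echo "== processes running out of /tmp"
    printf '%s\n' "$SAMPLE_PS" | tmp_procs
    if printf '%s\n' "$SAMPLE_MOUNT" | tmp_noexec; then
        echo "== /tmp is mounted noexec"
    else
        echo "== /tmp is NOT mounted noexec; scripts dropped there can run"
    fi
}

triage 195.204.1.132:6667
```

On the real box, replace the three `printf ... "$SAMPLE_..."` pipes with `sockstat -4`, `ps -axo pid,user,command` and `mount`, ideally binaries copied from known-good media, since a rootkit on a 2005-era FreeBSD 4.x host commonly replaced `ps` and friends. Mounting /tmp noexec is only a speed bump: an attacker can still run a script with `sh /tmp/x` or copy it somewhere writable and executable, so treat the noexec check as one indicator rather than a fix.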


