Security Incidents mailing list archives

Being Hacked?! Please Help!!


From: flee () MAIL HOWARD K12 MD US (Francis Lee)
Date: Thu, 24 Feb 2000 09:34:27 -0500


Hi,

I've sent a report to CERT... But I'd like to alert/discuss this with the
experts....

I'm attaching three text files detailing the incident: "mail_server_issue"
shows how I found out about this incident and "bash_history" is the .bash_history
file in /root that shows, potentially, what the person did.... And last but
not least, "hidden_dir" shows the directory that the person created in
/var/tmp. The program running basically captures all the connections with
"interesting info" logged. I've upgraded qpopper from b26 to b34 (since it
looks like a qpopper buffer overflow attack..)

Thanks!!

Regards,

Francis Lee

Network Specialist
Howard County Public School System
ph     410-313-7042
fax    410-313-7045
flee () mail howard k12 md us

application/octet-stream attachment: hidden_dir
application/octet-stream attachment: mail_server_issue.log
application/octet-stream attachment: bash_history

