Security Incidents mailing list archives
Re: find_ddos results
From: Ryan Russell <ryan () SECURITYFOCUS COM>
Date: Wed, 15 Nov 2000 13:59:05 -0800
On Wed, 15 Nov 2000, Karl Malivuk wrote:
> I am new to UNIX/Linux and just brought my first Linux box online. I am using it as a test machine before bringing up as a production host. I just received and installed find_ddos this morning and got the log listed below. I sent a copy to our campus security director who suggested I contact you. Where do I go from here?
Well, that would seem to mean that you got broken into. If you don't care to follow up, just re-format the drive and install Linux again. This time, you might want to take care to turn off unneeded services, and make sure all the latest patches are on.

If you want to do more than that, you could offer to make the file in question available, since it looks like it might be a variant. You could also invite someone to log into the box to do forensics work for you, though how you are going to know who to trust for that, I can't say.

You mentioned a campus security guy... who apparently declined to check out what is likely a hacked box on his net. Is information security his primary job there?

Ryan