This is very true. Shawn calls me up at 12:00 am saying that sshd is running but he can't get any connections on port 22. Tcpdump on port 22 revealed some traffic. Searching through inetd revealed some crazy service called smbd2 which spawned a shell as root. This all happened after the machine mysteriously rebooted. Fun!

FC

On Mon, 30 Oct 2000, Kirk Wood wrote:

> You should look for any connections from IP addresses you don't
> recognize. While this would be harder for a production system, on a home
> system it shouldn't be too tough. I would pay particular attention to ftp
> connections (if you have the service available).
>
> As for everything you can look for, that fills books and employs
> professionals all with their own opinion. And just so you know, if you have
> a full time connection and find one day you can't log into your own
> machine, turn it off. I have a friend who thought something had just gone
> wrong and needed fixed. Turns out his system had been compromised. If in
> doubt shut down and remove it from the net.
>
> =======
> Kirk Wood
> Cpt.Kirk at 1tree.net