The system has already been taken care of in terms of nuking it off the net. My question is, how did they get in? chkrootkit didn't detect anything, at least not in its set of checks, which leads me to believe that either they're not aware of this particular break-in, or it's something else.
Does anyone have any insight on this?
Very hard to say or guess. All depends on which ports were open to the Internet, how your firewall was configured, which services were being offered, whether any possible vulnerabilities might exist in those servers, whether a local user could have done the exploit, or even whether for some bizarre reason this turns out not to have been an exploit at all. :-)
Anything is possible... I wouldn't venture to attempt to guess.
Cheers,
-- Rodolfo J. Paiz rpaiz@xxxxxxxxxxxxxx http://www.simpaticus.com
-- redhat-list mailing list https://www.redhat.com/mailman/listinfo/redhat-list