[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: rootkit?

From: Alan Cox <alan redhat com>
To: For testers of Fedora Core development releases <fedora-test-list redhat com>
Cc: FC Rel <fedora-list redhat com>
Subject: Re: rootkit?
Date: Mon, 12 Dec 2005 16:19:00 -0500

On Mon, Dec 12, 2005 at 02:57:28PM -0500, Chasecreek Systemhouse wrote:
> About three months ago I reported a box I admin'ed was accessed thru
> DDoS on the ssh access port -- the sshd was hit 90,000 times a hour

Standard dictionary attack set I imagine. Some of the worms are also much
smarter and use any unpassworded ssh private keys they can steal to build
a huge key based attack database

> attack, access, and discovery all happened in less than a 5 hour
> period.  The attacker either was a novice or didn't care to cover
> their tracks.

or a robot

> I would say there is a ssh brute force hack floating around that has
> not been documented yet; as such it is all Server admins best
> interests to remain vigilant.

What kernel was that box running ?

Follow-Ups:
- Re: rootkit?
  - From: Chasecreek Systemhouse

References:
- Re: rootkit?
  - From: Chasecreek Systemhouse

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]