brute force ssh attack
Jeff Vian
jvian10 at charter.net
Thu Apr 28 20:00:53 UTC 2005
On Thu, 2005-04-28 at 09:41 -0400, Matthew Miller wrote:
> On Thu, Apr 28, 2005 at 08:14:44AM -0500, Aleksandar Milivojevic wrote:
> > Was it controlled? Was it really limited? Judging from original post,
> > I wouldn't be suprised if his entire local network got infected.
>
> I'd be somewhat surprised, given that the attackers here seemed
> run-of-the-mill, but you're right, definitely something to check for.
>
>From the attack vector, the attackers seemed run of the mill.
>From the OPs comments, this attack could easily have infected any and
all machines on his network. The OP even did not have any concept of
the effects of running UNKNOWN programs that obviously were put on his
system by an attacker and yet he executed the program as root himself.
Ignorance is not an excuse for an SA to make mistakes that can be deadly
and in this case may easily have infected many other machines.
As was stated by Aleksander, I will be surprised if the rest of his
network did not also get infected.
> > >Sure. But it doesn't hurt to investigate what happened. It's educational.
> > Sure, investigate. Learn. And then wipe off the harddrives.
>
> Agreed.
>
> --
> Matthew Miller mattdm at mattdm.org <http://www.mattdm.org/>
> Boston University Linux ------> <http://linux.bu.edu/>
> Current office temperature: 75 degrees Fahrenheit.
>
More information about the fedora-list
mailing list