[K12OSN] Help - possible hacking of our NFS/NIS LTSP server
Shane Stafford
staffords at glenburn.net
Tue Mar 22 22:58:33 UTC 2005
well it looks like someone compromised our NFS/NIS server.
Someone has reported to UNET that our server was trying this ssh login
brute force attack. What is odd the report was on March 19 and the UNET
folks looked today and didn't see anything.
What can I do to look for this script or hack? How do I make sure it
doesn't happen, if it happens again, they filter out that server and our
entire LTSP system relies on that machine.
I did find a test account logged in under odd circumstances, so I killed
the processes and deleted the test account. But I worry about what damage
may be done.
thanks for any advice
Shane
Shane Stafford, MCSE, MCT
Director Information Services Glenburn School and Town
Educational System Integrator/Network Engineer
S & B Consulting
More information about the K12OSN
mailing list