Possible break-in
Rodolfo J. Paiz
rpaiz at simpaticus.com
Thu May 13 18:35:34 UTC 2004
At 11:55 5/13/2004, Ashley M. Kirchner wrote:
> The system has already been taken care off in terms of nuking it off
> the net. My question is, how they got in? chrootkit didn't detect
> anything, at least not in it's set of checks, which leads me to believe
> that either they're not aware of this particular break-in, or it's
> something else.
>
> Does anyone have any insight on this?
Very hard to say or guess. All depends on which ports were open to the
Internet, how your firewall was configured, which services were being
offered, whether any possible vulnerabilities might exist in those servers,
whether a local user could have done the exploit, or even whether for some
bizarre reason this turns out not to have been an exploit at all. :-)
Anything is possible... I wouldn't venture to attempt to guess.
Cheers,
--
Rodolfo J. Paiz
rpaiz at simpaticus.com
http://www.simpaticus.com
More information about the redhat-list
mailing list