Re: [cobalt-users] Hacked?? Telnet Connected But Not Activated?
- Subject: Re: [cobalt-users] Hacked?? Telnet Connected But Not Activated?
- From: Wayne Sagar <wsagar@xxxxxxxx>
- Date: Wed Apr 18 22:31:37 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
>If the machine has been hacked, the stuff the hacker is using
>is obviously hidden - if it were not your logs would contain the
>clues you need to track this stuff down. How well it's been hidden
>depends upon the skill of the person who cracked your box.
I suppose this is so... jezus.. it's only been two months since the damn
thing was cracked last time, complete reinstall and upload... portsentry -
log check.. very careful use of ssh and ssl for the gui.. It seems, if they
want in badly enough, they get in the damn thing.
If I had not done the netstat when I did, I'd never have known that anyone
was telnetting in.. Here's a question though.. If telnet were turned off...
and someone attempted to connect... but did not connect.. in my netstat
report... I would not see "established" correct.. or would I?
Another question.. should postgres ever be seen as a "user" logging in as su?
Obviously, probably not.. does this give a clue to where this mess might be
found?
I hate to take it all down rebuild and have it happen again... and again
and again..
Help anyone?
Wayne