Perhaps.

I'd ask, however, for clarification from Ben, as to whether or not user
"operator" has a password, no password at all, or the normal "*" in the
password field.  If user "operator" has the * in the password field, user
"operator" should not be able to log into pts/1 or pts/2, would you not
agree?

On Mon, 5 Mar 2001, Joshua Hirsh wrote:

> Hey Folks,
>
>  There's a bit of information that you all seemed to overlook here.. The
> email that Ben Ocean had forwarded to the list was generated by a program
> that was watching connections to his local machine.
>
>  The email was triggered by... (read the subject.) That's right. A portmap
> probe to his local machine 'thor' FROM 212.205.199.91. If you look a bit
> further down in the email, you'll notice that the program also includes
> remote FINGER information on the system who attempted the portmap probe.
>
>  In this case, it was initiated by user root on 212.205.199.91... who was
> currently logged into 212.205.199.91 on tty1.
>
>  From the information that you have provided, I think it would be safe to
> assume that you have NOT been hacked.
>
>  The same holds true for the second email you sent to the list included
> below..
>
>
>  Best Regards,
>
> Joshua Hirsh
> efni CONNECT
> UNIX Systems Administration
> [EMAIL PROTECTED]
> Tel: (705) 474-3364 ext. 2557
> Fax: (705) 472-9202
>
>
> > >Subject: portmap attempt on thor from 212.205.199.91 (212.205.199.91)
> > >
> > >  [212.205.199.91]
> > >  Login: root                            Name: root
> > >  Directory: /root                       Shell: /bin/bash
> > >  On since Sun Mar  4 00:41 (EET) on tty1   20 hours 11 minutes idle
> > >       (messages off)
> > >  New mail received Wed Feb 28 17:18 2001 (EET)
> > >       Unread since Tue Feb 13 23:55 2001 (EET)
> > >  No Plan.
>
>
> >Subject: portmap attempt on thor from 211.57.229.2 (211.57.229.2)
> >
> >  [211.57.229.2]
> >  Login: operator                        Name: operator
> >  Directory: /root                       Shell: /bin/sh
> >  On since Mon Mar  5 13:13 (KST) on pts/1 from 21dial234.xnet.ro
> >     19 seconds idle
> >  On since Mon Mar  5 13:23 (KST) on pts/2 from 21dial234.xnet.ro
> >     12 minutes 19 seconds idle
> >  Last login Mon Mar  5 13:23 (KST) on 2 from 21dial234.xnet.ro
> >  No mail.
> >  No Plan.
>
>
>
>
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
>
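
Added example, not part of the original thread: one way to run the check the reply asks about, classifying each account's password field and flagging pts sessions held by accounts whose field is locked or empty. The shadow entries, the host name host.example and all function names are constructed for illustration; a "*" field only rules out password logins, so a flagged session means some other path (keys, rhosts trust, a changed entry) was used.

```python
import re

# Constructed shadow(5)-style entries; hash and accounts are placeholders.
SHADOW = (
    "root:$1$placeholder$placeholderhash:11386:0:99999:7:::\n"
    "operator:*:11386:0:99999:7:::\n"
    "guest::11386:0:99999:7:::\n"
)
# Constructed finger output in the layout quoted in the thread.
FINGER = (
    "Login: operator                        Name: operator\n"
    "Directory: /root                       Shell: /bin/sh\n"
    "On since Mon Mar  5 13:13 (KST) on pts/1 from host.example\n"
    "   19 seconds idle\n"
    "On since Mon Mar  5 13:23 (KST) on pts/2 from host.example\n"
    "Login: root                            Name: root\n"
    "On since Sun Mar  4 00:41 (EET) on tty1   20 hours 11 minutes idle\n"
)
LOGIN_RE = re.compile(r"^\s*Login:\s+(\S+)")
SESSION_RE = re.compile(r"^\s*On since .* on (\S+)(?:\s+from\s+(\S+))?")

def password_state(field):
    """Classify the password field of a shadow entry."""
    if field == "":
        return "empty"    # no password needed at all
    if field[0] in "*!":
        return "locked"   # no hash can match, password login fails
    return "set"

def parse_shadow(text):
    """Map user name -> password state."""
    states = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2:
            states[parts[0]] = password_state(parts[1])
    return states

def parse_finger(text):
    """Return (user, tty, remote_host_or_None) for every listed session."""
    sessions, user = [], None
    for line in text.splitlines():
        m = LOGIN_RE.match(line)
        if m:
            user = m.group(1)
        elif user and (m := SESSION_RE.match(line)):
            sessions.append((user, m.group(1), m.group(2)))
    return sessions

def flag_sessions(shadow_text, finger_text):
    """pts sessions owned by accounts that should not pass a password login."""
    states = parse_shadow(shadow_text)
    return [(u, states[u], tty, host)
            for u, tty, host in parse_finger(finger_text)
            if tty.startswith("pts/") and states.get(u, "set") != "set"]
```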


