beware: RedHat Linux v5.1 system compromised




Looks like a hacker compromised a RedHat Linux v5.1 PC
this week.  Came in at about 2am Wednesday via the imapd
daemon and apparently issued a command of the 'rm -rf /*' type.
All directories from /bin through /etc were not to be found on
the compromised system.  From past experience (ouch), I've found
that after erasing /etc, no further commands can be executed.

That system is now off-line :(
waiting for the upgrade to RedHat Linux v5.2
and tighter security measures.

The source of the hacking was:
  Nov 18 at 2:00:18 (am)
  from modemcable155.207.mmtl.videotron.net
  which maps to 207.253.207.155

Argonne Computer Security, CIAC, and the ISP (www.videotron.com)
have been notified.

Keep your eyes open,
   Pete
   UNICAT