[Date Prev][Date Next][Date Index]
beware: RedHat Linux v5.1 system compromised
- Subject: beware: RedHat Linux v5.1 system compromised
- From: Pete Jemian <jemian@arev.uni.aps.anl.gov>
- Date: Fri, 20 Nov 1998 11:56:09 -0600
Looks like a hacker compromised a RedHat Linux v5.1 PC
this week. Came in at about 2am Wednesday via the imapd
daemon and apparently issued a command of the 'rm -rf /*' type.
All directories from /bin through /etc were not to be found on
the compromised system. From past experience (ouch), I've found
that after erasing /etc, no further commands can be executed.
That system is now off-line :(
waiting for the upgrade to RedHat Linux v5.2
and tighter security measures.
The source of the hacking was:
Nov 18 at 2:00:18 (am)
from modemcable155.207.mmtl.videotron.net
which maps to 207.253.207.155
Argonne Computer Security, CIAC, and the ISP (www.videotron.com)
have been notified.
Keep your eyes open,
Pete
UNICAT