Need urgent help regarding security
Brian Reichert
reichert at numachi.com
Thu Nov 17 07:54:33 PST 2005
On Wed, Nov 16, 2005 at 05:25:52PM -0800, Mark Jayson Alvarez wrote:
> Good Day!
>
> I think we have a serious problem. One of our old
> server running FreeBSD 4.9 have been compromised and
> is now connected to an ircd server..
> 195.204.1.132.6667 ESTABLISHED
I had a 4.9 box compromised though the ssh install (I'm certain it
wasn't openssh, but the base install), and was running an irc server
itself.
I just yanked the box off the net, and scrubbed it flat, and
reinstalled. In my case, it wasn't worth the time to track who and
when and how; I needed to put the server back on the net.
Good luck on chasing them down.
Are you sure that effort is worth it to you?
> Thanks..
>
>
>
>
> __________________________________
> Yahoo! Mail - PC Magazine Editors' Choice 2005
> http://mail.yahoo.com
--
Brian Reichert <reichert at numachi.com>
55 Crystal Ave. #286 Daytime number: (603) 434-6842
Derry NH 03038-1725 USA BSD admin/developer at large
More information about the freebsd-security
mailing list