Need urgent help regarding security

Brian Reichert reichert at numachi.com
Thu Nov 17 07:54:33 PST 2005


On Wed, Nov 16, 2005 at 05:25:52PM -0800, Mark Jayson Alvarez wrote:
> Good Day!
> 
> I think we have a serious problem. One of our old
> server running FreeBSD 4.9 have been compromised and
> is now connected to an ircd server..
> 195.204.1.132.6667     ESTABLISHED

I had a 4.9 box compromised though the ssh install (I'm certain it
wasn't openssh, but the base install), and was running an irc server
itself.

I just yanked the box off the net, and scrubbed it flat, and
reinstalled.  In my case, it wasn't worth the time to track who and
when and how; I needed to put the server back on the net.

Good luck on chasing them down.

Are you sure that effort is worth it to you?

> Thanks..
> 
> 
> 	
> 		
> __________________________________ 
> Yahoo! Mail - PC Magazine Editors' Choice 2005 
> http://mail.yahoo.com

-- 
Brian Reichert				<reichert at numachi.com>
55 Crystal Ave. #286			Daytime number: (603) 434-6842
Derry NH 03038-1725 USA			BSD admin/developer at large	


More information about the freebsd-security mailing list