Security Incidents mailing list archives
Being Hacked?! Please Help!!
From: flee () MAIL HOWARD K12 MD US (Francis Lee)
Date: Thu, 24 Feb 2000 09:34:27 -0500
Hi, I've sent a report to CERT... But I'd like to alert/discuss this with the experts.... I'm attaching three text files detailing the incident: "mail_server_isssue" shows how I found out this incident and "bash_history" is the .bash_history file in /root that shows, potentially, what the person did.... And last but not least, "hidden_dir" shows the directory that the person created in /var/tmp. The program running basically captures all the connection with "interesting info" logged. I've upgraded qpopper from b26 to b34 (since it looks like a qpopper buffer overflow attack..) Thanks!! Regards, Francis Lee Network Specialist Howard County Public School System ph 410-313-7042 fax 410-313-7045 flee () mail howard k12 md us <HR NOSHADE> <UL> <LI>application/octet-stream attachment: hidden_dir </UL> <HR NOSHADE> <UL> <LI>application/octet-stream attachment: mail_server_issue.log </UL> <HR NOSHADE> <UL> <LI>application/octet-stream attachment: bash_history </UL>
Current thread:
- smurf scanning Jon Lewis (Feb 20)
- Re: smurf scanning Robert Graham (Feb 21)
- rooted Philip Champon (Feb 22)
- Re: rooted Omachonu Ogali (Feb 23)
- Re: rooted Administrator (Feb 23)
- Being Hacked?! Please Help!! Francis Lee (Feb 24)
- Re: rooted John Kougoulos (Feb 24)
- Re: smurf scanning Rick Magill (Feb 23)
- rooted Philip Champon (Feb 22)
- @home: Is *anyone* really home there??? Missouri FreeNet Administration (Feb 22)
- Re: @home: Is *anyone* really home there??? Omachonu Ogali (Feb 22)
- Re: @home: Is *anyone* really home there??? Jim Littlefield (Feb 23)
- Re: @home: Is *anyone* really home there??? James M. Atkinson, Comm-Eng (Feb 23)
- Re: @home: Is *anyone* really home there??? David Brumley (Feb 23)
- Re: @home: Is *anyone* really home there??? Philip R. Moyer (Feb 23)
- Re: @home: Is *anyone* really home there??? Jim Littlefield (Feb 23)
- Re: @home: Is *anyone* really home there??? Brad Griffin (Feb 24)
- Re: smurf scanning Robert Graham (Feb 21)