Security Incidents mailing list archives
compromised machine as ASU
From: fred anger <anger () RIGHTARM ORG>
Date: Sat, 16 Sep 2000 10:09:04 -0700
Greetings.

I run an OpenBSD machine that provides mail and shell access to a few of my friends via secure shell. No telnet nor ftp. Some users use imap to check mail, but their logins are disabled.

Anyway, yesterday, a friend ssh'ed in from a machine at Arizona State University - general3.asu.edu - checked her email and logged out. Two minutes later, another ssh connection from general3.asu.edu was logged, as well as another login to her account. I probably wouldn't have noticed, but sudo sent me a message noting that the user tried to use sudo (I don't have a sudoers file).

This friend has no idea what sudo is or does, and she's positive she did not log in twice within 2 minutes yesterday, so I'm guessing the ssh client on general3.asu.edu has been trojaned and is logging passwords, and that the 2nd connection was a cracker who owns (at least) general3.asu.edu.

I have no idea who to contact at ASU regarding this, so if anyone has any ideas, please let me know.

Thanks.

-fa