Re: [TCLUG:15603] Possible attack?

To: Twin Cities Linux User Group <tclug-list@mn-linux.org>
Subject: Re: [TCLUG:15603] Possible attack?
From: Nate Carlson <natecars@real-time.com>
Date: Thu, 6 Apr 2000 11:08:34 -0500 (CDT)
In-Reply-To: <Pine.LNX.4.21.0004052116090.2173-100000@dysonsphere.ringworld.org>

On Wed, 5 Apr 2000, Kevin Bullock wrote:

> Hey all --
> 
> Something very strange and suspicious just happened -- my box was brought
> to a grinding halt for a completely unknown reason. The only unusual thing
> I can find in my logs is:
> 
> Apr  5 21:05:23 dysonsphere kernel: VM: killing process xscreensaver
> Apr  5 21:06:11 dysonsphere kernel: VM: killing process gnome-terminal
> Apr  5 21:09:11 dysonsphere kernel: VM: killing process communicator-sm
> 
> And those were after the system became useable again. The other wierd
> thing is this in a finger @localhost:
> 
> kbullock  Kevin Bullock  *pts/0       1  Apr  5 14:34 (lisieux.cs.csbsju.edu)
> 
> lisieux.cs is the machine in the CS lab that I was logged into earlier
> today. This persists even after I shut down sshd (which was how I logged
> in).

Did you kill all ssh processes? Shuttign down sshd won't kill the servers
that are spawned for each connection.. unless you're doing a killall sshd.
:)

-- 
Nate Carlson <natecars@real-time.com>   | Phone : (952)943-8700
http://www.real-time.com                | Fax   : (952)943-8500

References:
- Possible attack?
  - From: Kevin Bullock <kbullock@ringworld.org>

Prev by Date: Post-op (fixed line-wrapping) (Was: MrNet sucking yet again)
Next by Date: Re: [TCLUG:15569] SGI Indy Boxen
Prev by thread: Re: [TCLUG:15603] Possible attack?
Next by thread: RE: [TCLUG:15601] SGI Boxes (update?)
Index(es):
- Date
- Thread