Have you run any kind of mac time analysis against it? (i.e. macdaddy) That can sometimes help point to the entry point if the point was on this box. It could always be something besides the native apps; a home grown app, a trusted server, etc... Jeff. ----- Snipped Message----- From: owner-crime@private [mailto:owner-crime@private]On Behalf Of A.J. Weinzettel I have had multiple breakins somehow using different versions of RedHat (7.1,7.3,&8.0). This started last week on the 7.1 and 7.3 boxes. I have been keeping up on all the latest patches for Apache, Sendmail, SSH, MySQL.
This archive was generated by hypermail 2b30 : Tue Nov 18 2003 - 22:06:43 PST