Re: Unusual Message log contents

From: Mark Newby (markat_private)
Date: Wed May 08 2002 - 05:13:40 PDT


    Gregory Kane wrote:
    > Ok - I'm not totally sure what is going on here. Does 
    > anyone have a thought about this entry in my message.log 
    > file?

    I saw this sort of stuff prior-to/during/after a Red Hat Linux 7.2 Web 
    server was cracked into and used by crackers to install IRC bots, 
    sniffers, trojaned servers (ftp server), etc.

    I'd check for rogue files, rootkits, etc.  A good start is to run 
    chkrootkit (<>).  There are lots of FAQs, etc. on the www 
    that explain the steps to go through in detecting if you've been 
    compromised and how to recover.

    This archive was generated by hypermail 2b30 : Wed May 08 2002 - 09:29:20 PDT