On Fri, 15 Aug 2003, Juri Haberland wrote:

> /sbin/init had nearly the same timestamp (Aug 12 23:17:29 2003) as the
> following log entry from the Realserver's rmerror.log file:
>
> ***12-Aug-03 23:18:12.471 rmserver(11402): Server automatically restarted
> due to fatal error condition

From this it would seem most likely to be an exploit of the rmserver
process. Check to see if there is an unpatched SecurityFocus BID for
RealServer; otherwise you were probably compromised with an
as-yet-publicly-unknown exploit. I'd try working with Real.com and see if
they'll provide any help (well, here's to hoping 8^)

If you can find a live copy of the exploit used on the system, for example
if your system was used to attack others, that'd be very helpful.

--
Mark Tinberg <MTinbergat_private>
Network Security Engineer, SecurePipe Inc.
New Key fingerprint = FAEF 15E4 FEB3 08E8 66D5 A1A1 16EE C5E4 E523 6C67
Your daily fortune . . .
Modesty: The gentle art of enhancing your charm by pretending not to be aware of it.
  -- Oliver Herford
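The correlation discussed in this message (a system binary's timestamp falling next to an rmserver restart entry), as an added example that is not part of the original post or of any RealServer tooling. The log pattern is taken from the single quoted rmerror.log line; the second log line, the /bin/ls entry, the five-minute window and the assumption that log and file times share one timezone are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Pattern derived from the one rmerror.log line quoted in the thread.
RESTART_RE = re.compile(
    r"^\*{3}(\d{2}-[A-Za-z]{3}-\d{2} \d{2}:\d{2}:\d{2})\.\d+ "
    r"(\w+)\((\d+)\): Server automatically restarted"
)

def restart_events(log_lines):
    """Yield (timestamp, process, pid) for each automatic-restart entry."""
    for line in log_lines:
        m = RESTART_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%d-%b-%y %H:%M:%S")
            yield ts, m.group(2), int(m.group(3))

def correlate(file_times, log_lines, window=timedelta(minutes=5)):
    """Return (path, file_time, restart_time, delta_s) for files changed near a restart."""
    events = list(restart_events(log_lines))
    hits = []
    for path, ftime in sorted(file_times.items()):
        for ts, _proc, _pid in events:
            delta = (ftime - ts).total_seconds()
            if abs(delta) <= window.total_seconds():
                hits.append((path, ftime, ts, delta))
    return hits

# First line is the entry quoted in the thread (re-joined); second is constructed.
SAMPLE_LOG = [
    "***12-Aug-03 23:18:12.471 rmserver(11402): Server automatically restarted "
    "due to fatal error condition",
    "***12-Aug-03 09:02:41.118 rmserver(11377): Configuration reloaded",
]

# /sbin/init time is the one given in the thread; /bin/ls is constructed.
SAMPLE_TIMES = {
    "/sbin/init": datetime(2003, 8, 12, 23, 17, 29),
    "/bin/ls": datetime(2003, 3, 2, 14, 5, 0),
}

if __name__ == "__main__":
    for path, ftime, ts, delta in correlate(SAMPLE_TIMES, SAMPLE_LOG):
        print(f"{path}: changed {ftime}, restart logged {ts} ({delta:+.0f}s)")
```

On a disk image the times would come from the file system metadata; comparing ctime as well as mtime is worthwhile, since mtime is trivially reset.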
This archive was generated by hypermail 2b30 : Sat Aug 16 2003 - 13:02:21 PDT