| 1 |
I know this seems like a given, but have you checked your bash_history (if |
| 2 |
it still exists), /var/log/messages, etc? Do you use a kernel with modules |
| 3 |
enabled? Do you have a firewall between the server and the outside world |
| 4 |
that would yeild any insight as to what that suspected box is doing? |
| 5 |
|
| 6 |
|
| 7 |
On Fri, January 20, 2006 06:24, darren kirby wrote: |
| 8 |
> quoth the Jean Blignaut: |
| 9 |
>> Hi All |
| 10 |
> |
| 11 |
>> I was contacted an hour or so aggo by some one claiming that they are |
| 12 |
>> being port scanned by an ip used on one of our production gentoo |
| 13 |
>> servers. |
| 14 |
> |
| 15 |
> This could possibly be someone using your machine as a zombie host for an |
| 16 |
> idlescan: |
| 17 |
> http://www.insecure.org/nmap/idlescan.html |
| 18 |
> |
| 19 |
>> Best Regards |
| 20 |
>> |
| 21 |
>> Jean Blignaut |
| 22 |
> |
| 23 |
> -d |
| 24 |
> -- |
| 25 |
> darren kirby :: Part of the problem since 1976 :: http://badcomputer.org |
| 26 |
> "...the number of UNIX installations has grown to 10, with more |
| 27 |
> expected..." |
| 28 |
> - Dennis Ritchie and Ken Thompson, June 1972 |
| 29 |
> |
| 30 |
|
| 31 |
|
| 32 |
-- |
| 33 |
Steven McCoy |
| 34 |
Site Development/Manager |
| 35 |
IndigoRobot Services |
| 36 |
http://www.indigorobot.com |
| 37 |
mailto:stevenmccoy@×××××××××××.com |
| 38 |
|
| 39 |
-- |
| 40 |
gentoo-server@g.o mailing list |
Archives