1 |
I know this seems like a given, but have you checked your bash_history (if |
2 |
it still exists), /var/log/messages, etc? Do you use a kernel with modules |
3 |
enabled? Do you have a firewall between the server and the outside world |
4 |
that would yeild any insight as to what that suspected box is doing? |
5 |
|
6 |
|
7 |
On Fri, January 20, 2006 06:24, darren kirby wrote: |
8 |
> quoth the Jean Blignaut: |
9 |
>> Hi All |
10 |
> |
11 |
>> I was contacted an hour or so aggo by some one claiming that they are |
12 |
>> being port scanned by an ip used on one of our production gentoo |
13 |
>> servers. |
14 |
> |
15 |
> This could possibly be someone using your machine as a zombie host for an |
16 |
> idlescan: |
17 |
> http://www.insecure.org/nmap/idlescan.html |
18 |
> |
19 |
>> Best Regards |
20 |
>> |
21 |
>> Jean Blignaut |
22 |
> |
23 |
> -d |
24 |
> -- |
25 |
> darren kirby :: Part of the problem since 1976 :: http://badcomputer.org |
26 |
> "...the number of UNIX installations has grown to 10, with more |
27 |
> expected..." |
28 |
> - Dennis Ritchie and Ken Thompson, June 1972 |
29 |
> |
30 |
|
31 |
|
32 |
-- |
33 |
Steven McCoy |
34 |
Site Development/Manager |
35 |
IndigoRobot Services |
36 |
http://www.indigorobot.com |
37 |
mailto:stevenmccoy@×××××××××××.com |
38 |
|
39 |
-- |
40 |
gentoo-server@g.o mailing list |