Gentoo Archives: gentoo-security

From: Andrew Gaffney <agaffney@×××××××××××.com>
To: Mike Frysinger <vapier@g.o>
Cc: gentoo-security@l.g.o
Subject: Re: [gentoo-security] [Fwd: [Full-Disclosure] Re: Automated SSH login attempts?]
Date: Fri, 30 Jul 2004 03:05:24
Message-Id: 4109BA7F.5040902@skylineaero.com
In Reply to: Re: [gentoo-security] [Fwd: [Full-Disclosure] Re: Automated SSH login attempts?] by Mike Frysinger
1 Mike Frysinger wrote:
2 > On Thursday 29 July 2004 08:39 pm, Alex Efros wrote:
3 >
4 >>So my initial question mean: is community sure there is no such 'hidden
5 >>meaning' in these attacks?
6 >
7 >
8 > going by the files, it looked like it was a bunch of little irc wankers from
9 > undernet ... many computers had emechs (irc bot) installed on them and they
10 > connected to undernet servers and joined some hax0rs chans ...
11 >
12 > i think someone joined there and saw that the chans had about 10 or so of
13 > these kind of bots idling in the channel
14
15 Does anyone have access to a rooted box? I'd like to start tracking these
16 people. The only way I see to do it is to root the boxes I'm getting probed from
17 and check their logs (not a good idea) or get logs from someone who has been
18 rooted (much better idea).
19
20 --
21 Andrew Gaffney
22 Network Administrator
23 Skyline Aeronautics, LLC.
24 636-357-1548
25
26
27 --
28 gentoo-security@g.o mailing list