|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [suse-security] have I been invaded?
From: John Andersen (jsa
pen.homeip.net)
Date: Tue Jun 03 2003 - 22:16:08 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Tuesday 03 June 2003 19:08, Richard wrote:
> On Tue, 2003-06-03 at 18:45, John Andersen wrote:
> > On Tuesday 03 June 2003 14:05, Richard wrote:
> > > My logs showed that I was constantly being scanned for ports 80, and
> > > the other windows based ports like 443 and 1434, . Also I saw a lot of
> > > scans by Korean and Chinese URL's hitting my higher ports like 27374.
> > > One day I noticed things were not quite right. It;s hard to describe
> > > what was going on, so I downloaded and fired up the chkrootkit app and
> > > sure enough, I had been invaded.
> >
> > If you saved your config files from the old instalation, check your
> > sshd_config to see if you had enabled ssh1.
>
> Nope, I didnt save that particular config file. I looked through the
> current sshd_config file but cannot see where ssh1 is enabled. The man
> page wasn't any help either. I went through it 3 times but cannot see
> where ssh1 is enabled. What am I looking for?
#Port 22
Protocol 2
#ListenAddress 0.0.0.0
Make sure the protocol line says as above and not
Protocol 2,1
or
Protocol 1,2
--
_____________________________________
John Andersen
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]