[WF-Announce] [Super Urgent!] Victor.

gabriel-worldforge at daphnae.bigdam.net gabriel-worldforge at daphnae.bigdam.net
Thu May 16 17:14:12 PDT 2002


************************ Important Announcement **************************

I have been receiving login attempts to my machine at work from victor
when I was not logged on.  I recommend HIGHLY that all users on victor
change their passwords *as soon as possible*.

Log excerpts:

May 16 15:15:04 sysadmin sshd[29316]: Failed password for gabriel from
66.119.199.38 port 1023
May 16 15:15:04 sysadmin sshd[29316]: Connection closed by 66.119.199.38
May 16 15:15:18 sysadmin sshd[29323]: Failed password for gabriel from
66.119.199.38 port 1022
May 16 15:15:18 sysadmin sshd[29323]: Connection closed by 66.119.199.38
May 16 15:15:27 sysadmin sshd[29324]: Failed password for gabriel from
66.119.199.38 port 1021
May 16 15:15:27 sysadmin sshd[29324]: Connection closed by 66.119.199.38

I have not been logged into victor during these times, so some account
there is attempting to log into my work machine from there. (How my work
IP was obtained, I do not know.)

Attn: MyCars and Malcolm:

	Victor could probably use another rootkit audit.  I will try to
get to this later tonight, but I do not know if I will be able to.  (I am
going to see Episode 2 tonight, so I won't be home until very late, and in
all likelihood, I will be too tired.)

Thanks,
Gabriel.

--
Gabriel Cain, gabriel at worldforge.org		Systems Admin / Security
http://gabriel.bigdam.net/index.php		Worldforge Infrastructure
Brook's Law:     Adding manpower to a late software project makes it later




More information about the Announce mailing list