[lug] Something bad???-UPDATE!
Shannon Johnston
nunar at iws.net
Tue Jan 9 17:01:04 MST 2001
I checked through the system and nothing has been modified or added that I
haven't done myself.
The user that it's doing that for doesn't exist on my system...
Shannon
On Tue, 9 Jan 2001, Scott A. Herod wrote:
> May not be your SSHD though. I've seen a couple of reports of
> sshd based trojans. Verify that you have the original versions
> of ls, ps, netstat and lsof ( they are replaced in the attacks
> that I've seen ) and check you system. Also, look at
>
> http://lists.insecure.org/incidents/2000/Sep/0214.html
>
> Scott
>
> Shannon Johnston wrote:
> >
> > Sorry, I forgot to mention that it's SSHD producing this message.
> >
> > > I've had this message run through my log file. What's going on here
> > >
> > >
> > > >> Faking authloop for illegal user <user> from <IPADDR> port 61478
> > >
> > > Anybody know?
> > >
> > > Thanks,
> > > Shannon Johnston
>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>
More information about the LUG
mailing list