[lug] script kiddie
Scott A. Herod
herod at dimensional.com
Sun Dec 1 21:20:08 MST 2002
"D. Stimits" wrote:
>
> jdavis wrote:
>
> > hello,
> > While reviewing last night's Snort logs I noticed a lot of ssl - slapper
> > like activity from one box to my webserver. The box looked to be
> > in Thailand, so I decided to have a look.
D. Stimits wrote:
>
> Likely the owner needs to know that every
> password entered that went through that machine is known to the
> attacker, and if ssh has been replaced, even passwords sent via ssh will
> be known. The real owner of the machine really needs to know what is
> going on.
I agree with Dan but I HIGHLY recommend that you not mention that you
climbed around in the box for a while. A polite note that you saw
attempted connections from the machine that are similar to those used by
r00t.sh might be best.
Scott