attack question
From: Rob (rshahamat_at_hotmail.com)
Date: 09/25/03
Date: Thu, 25 Sep 2003 16:09:56 -0400
It seems someone attacked our Sun server:
> prstat
PID USERNAME SIZE RSS STATE PRI NICE TIME CPU PROCESS/NLWP
26750 root 976K 784K run 0 0 1:19.46 79% dd/1
> ps -ef | grep 26750
root 26750 26693 73 13:27:41 ? 79:50 dd if=/dev/zero of=./ARSEX3 bs=1 count=
> ps -ef | grep 26693
root 26750 26693 79 13:27:41 ? 80:05 dd if=/dev/zero of=./ARSEX3 bs=1 count=
root 26693 26690 0 13:27:40 ? 0:00 /bin/ksh ./sz /bin/ls bin/ls
We aren't running those commands. So, any idea how we can prevent that? Also,
any idea how to see what happened here?
Thanks for any help.
Rob