Re: Warning - hack attempts
> On 13-Oct-98 Eli Marmor wrote:
> > Marc A. Volovic wrote:
> >>
> >> I am getting repeated imapd hack attempts from shsrv.shaked.co.il and
> >> unitednation.net, please take note.
> >
These days, I saw several attempts to hack three Linux systems from
RAS1-p100.pt.netvision.net.il
and from
RAS1-p38.pt.netvision.net.il
On one system (old Slackware 1.2.13) they partially succeeded. The hacker
is apparently inexperienced, since he left lots of traces behind him.
The important thing is, he was using a rootkit. It is a package that substitutes
lots of system programs with hacked ones (syslogd, inetd, login, pop3,
imapd, rcpd and a lot more). The whole package was left there, so this
helped me in finding out what it does.
I reported the attempt, together with all relevant information, to
wan@netvision.net.il and hope to get their response soon.
Andy
Dr Andy Tsouladze
Unix System Administrator
Motorola Communications Israel
mailto:andyt@mcil.comm.mot.com
mailto:andy@spl.co.il (old)
mailto:andy@environment.negev.k12.il
http://www.spl.co.il/~andy