help with hacker

From: Dan Kirkpatrick <dkirk_at_suhep.phy.syr.edu>
Date: Wed, 01 Jul 1998 21:20:43 -0400

I suspect we've been hacked, nothing wrong on our end, but lots of
places are screaming that some probe attempts are going on from our
server.

Czech Republic, UK, NASA (600 IPs probed).... HELP...!! What can I look
for?
Running DEC Unix OSF 4.0a (rev 464)

Seems odd in netstat:
tcp 0 0 server.1042 shell3.ba.best.c.65530 ESTABLISHED
tcp 0 0 server.1041 assimilation.ucf.6666 ESTABLISHED

What does this mean? server.#### (this port isn't in our /etc/services)
and what's the number after the host?

tcpdump not installed.... I can't get kernel rebuilt, says:

> rm -f vmunix vmunix.sys
> loading vmunix.sys
> ld:
> Can't open: jin.mod (No such file or directory)
> *** Exit 1 (ignored)
> chmod 755 a.out
> chmod: a.out: No such file or directory
> *** Exit 4
> Stop.
> Press RETURN to continue:
>
> *** NOTE ***
> The customized kernel for this machine could not be successfully
> created. One possible problem could be kernel layered products
> that might be incompatible with the base operating system. This
> script will now automatically attempt to build a kernel using the
> base operating system only.
>

I don't see any processes taking up a lot of CPU. I've tried checking &
replacing the ls and ps commands in case they were replaced. Any
suggestions!?

Thanks!!!
Dan


--------------------------------------------------------------------------
Dan Kirkpatrick dkirk_at_phy.syr.edu
Systems Administrator/Manager
Department of Physics
Syracuse University, Syracuse, NY


http://www.phy.syr.edu/~dkirk Fax: (315) 443-9103
Personal: http://www.geocities.com/heartland/6540/
--------------------------------------------------------------------------
Received on Thu Jul 02 1998 - 03:23:30 NZST
