[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Hacked stable system?

Gleb Arshinov wrote:

I am running an up-to-date stable distribution.  It looks like it may
have been hacked yesterday, but I am not sure how. So, what could have caused ssh/telnet to hang like this while ftp
worked fine?  What else should I check for break-in signs?  I am
thinking I should reinstall the system from scratch.  However, same
exploit could be used again.

Have you checked ``hosts.deny'' and similar. If there was a temporary name server failure for the name server for the machine you were connecting _from_ you might get such an error or even your tinydns server.

I realize that this should apply to ftp and imap as well, but obviously didn't - but this is always the problem when I experience timeouts or long login times with ssh and telnet.

At least this would explain your initial symptom for alarm, while at the same time explaining how only some services where affected.

Lars Bahner,

All will reveal itself and things will be clear.

Reply to: