Gleb Arshinov wrote:
I am running an up-to-date stable distribution. It looks like it mayhave been hacked yesterday, but I am not sure how. So, what could have caused ssh/telnet to hang like this while ftpworked fine? What else should I check for break-in signs? I am thinking I should reinstall the system from scratch. However, same exploit could be used again.
Have you checked ``hosts.deny'' and similar. If there was a temporary name server failure for the name server for the machine you were connecting _from_ you might get such an error or even your tinydns server.
I realize that this should apply to ftp and imap as well, but obviously didn't - but this is always the problem when I experience timeouts or long login times with ssh and telnet.
At least this would explain your initial symptom for alarm, while at the same time explaining how only some services where affected.
-- Lars Bahner, http://lars.bahner.com/ All will reveal itself and things will be clear.