Re: Hacked stable system?
Gleb Arshinov wrote:
I am running an up-to-date stable distribution. It looks like it may
have been hacked yesterday, but I am not sure how.
So, what could have caused ssh/telnet to hang like this while ftp
worked fine? What else should I check for break-in signs? I am
thinking I should reinstall the system from scratch. However, same
exploit could be used again.
Have you checked ``hosts.deny'' and similar? If there was a temporary
name server failure for the name server for the machine you were
connecting _from_ you might get such an error or even your tinydns server.
I realize that this should apply to ftp and imap as well, but obviously
didn't - but this is always the problem when I experience timeouts or
long login times with ssh and telnet.
At least this would explain your initial symptom for alarm, while at the
same time explaining how only some services were affected.
All will reveal itself and things will be clear.
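
The check suggested in the reply above, as an added example that is not part of the original message: it lists the hosts.deny/hosts.allow rules whose client patterns can only be evaluated once the client's host name is known, so a name server failure stalls just the daemons those rules cover. The daemon names and the rule file are constructed samples, and it assumes the affected daemons are built with or run under TCP wrappers.

```python
import re

# hosts_access(5) wildcards whose match depends on the client's host name
NAME_WILDCARDS = {"KNOWN", "UNKNOWN", "PARANOID", "LOCAL"}
# IPv4 address, address prefix ("198.51.100.") or net/mask; IPv6 is not handled
ADDRESS = re.compile(r"^[0-9.]+(/[0-9.]+)?$")

def needs_name_lookup(token):
    """True if this client pattern cannot be matched without a host name."""
    if not token or token[0] in "@/":      # @netgroup or /file pattern
        return False
    host = token.rsplit("@", 1)[-1]        # user@host -> host
    if host in NAME_WILDCARDS:
        return True
    if host in ("ALL", "EXCEPT") or ADDRESS.match(host):
        return False
    return True                            # host name or ".domain" suffix

def dns_dependent_rules(text):
    """Return (daemon, client_pattern) pairs that depend on name resolution."""
    findings = []
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":", 2)         # daemon_list : client_list [: cmd]
        if len(parts) < 2:
            continue
        daemons = [d for d in re.split(r"[\s,]+", parts[0].strip()) if d]
        for client in re.split(r"[\s,]+", parts[1].strip()):
            if needs_name_lookup(client):
                findings.extend((d, client) for d in daemons)
    return findings

# Constructed sample rules, not taken from the poster's system
SAMPLE = """\
# /etc/hosts.deny (sample)
sshd, in.telnetd: PARANOID
in.telnetd: .example.org
in.ftpd: 192.0.2.0/255.255.255.0
ALL: ALL EXCEPT 198.51.100.
"""

if __name__ == "__main__":
    for daemon, pattern in dns_dependent_rules(SAMPLE):
        print(f"{daemon}: '{pattern}' needs the client's host name")
```

In the sample, only the sshd and in.telnetd rules are reported, while the address-only in.ftpd rule is not.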