Re: See what a weak password will get ya?

To: debian-user@lists.debian.org
Subject: Re: See what a weak password will get ya?
From: Paul Stolp <paulywall@myrealbox.com>
Date: Thu, 22 Jul 2004 22:31:47 -0500
Message-id: <[🔎] 20040723033147.GC2506@greta.homelinux.net>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20040722230857.32c40ad2@stax>
References: <[🔎] 20040722224253.GA3895@greta.homelinux.net> <[🔎] 20040722230857.32c40ad2@stax>

* Chris Metzler <cmetzler@speakeasy.net> [2004-07-22 22:18]:
> On Thu, 22 Jul 2004 17:42:53 -0500
> Paul Stolp <paulywall@myrealbox.com> wrote:
> >
> > shutdown -h now  !
> 
> Believe it or not, this is often a bad idea.  It's often easier to
> determine the scope of a compromise by watching the intrude for a little
> while than to attempt to find out afterwards with forensics.

I thought this afterwards, but it appears the attacker went away empty
handed anyways. He was already logged out when I noticed the high load.
He tried to kill the "t" program, but couldn't. I suspect he was
somewhat inept (as was I with the pathetic password I assigned to the
guest account!) in reviewing the logs and bash history, it becomes
fairly easy to piece together.

I will definitely consider your advice when I'm in this situation again.

> 
> > look for damage, whew, I was O.K.
> 
> How did you determine this?

chkrootkit and, more satisfying to me, md5sums of some key binaries.

Thanks,
Paul
--

Reply to:

References:
- See what a weak password will get ya?
  - From: Paul Stolp <paulywall@myrealbox.com>
- Re: See what a weak password will get ya?
  - From: Chris Metzler <cmetzler@speakeasy.net>

Prev by Date: Re: OT: Re: See what a weak password will get ya?
Next by Date: Re: See what a weak password will get ya?
Previous by thread: Re: See what a weak password will get ya?
Next by thread: Re: See what a weak password will get ya?
Index(es):
- Date
- Thread