I would agree, that it is great learning experience. Hopefully it gives a little insight into why they do what they do. After you have learned a little and maybe even messed with them a little then you should reload the box. Just my opinion though. On 2/23/07, daz wrote: > Jim wrote: > > Last night I came home from work and sat down at the computer. I > > noticed the lights on the DSL router were blinking very rapidly. I have > > an ftp server running on my linux box (Slackware 10.2). So I thought > > someone might have been uploading something. > > Is there anything else I should do? > > > > thanks > > > > I'm going to go against the grain here with my suggestion. My first > question would be: > > How important to you is it that that servers stays 'pure'? > My second question: > > Do you have the time/curiosity to try to find out what happened? > > Back in the day, one of my servers got hacked. It was an ssh exploit > (the funny thing was that I had patched ssh for an exploit. I just > didnt see that the patch had an exploit so didn't patch the patch. > pleh). Anyway, since it was my home server and I wanted to know wtf > happened, I didnt reinstall. I did forensics. I got clean copies of > some binaries: > > ls, ps, lsof, file, cat, more, sh, find, netstat, etc. > > then started checking out my system. I was a tremendous learning > experience. And yes, I did it while the box was live and the jerk was > still doing his/her thing. > > One of the interesting things I found out was how many other servers the > jerk found that were easily exploited :) > > Of course, this depends *entirely* on how important and sensitive your > server and its data are(is?). > > David > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change you mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss