Anatomy of a Unix breach

"The whole breach of Will's server started via a password guessing attack against SSH. We have covered this risk repeatedly in ISC diaries. Once the bad guys were in, they ran the commands below, and then apparently used the just installed IRC bots to continue scanning for SSH ports on other systems.

Phase#1: The bad guy tries to find out more about the box he just broke into

uptime
uname -a
w
ifconfig

Phase#2: Bad guy downloads all the Linux root exploits that he has, and just run them, hoping for a lucky break.

Complete Story

Related Stories:

• Linux And Unix Internet User And Site Security - How Much Is Too Much?(Dec 09, 2008)
• More Fun With Security Through Obfuscation On Linux And Unix(Jun 03, 2008)
• Bastille: Classic Linux and Unix Security(Oct 09, 2007)
• OSNews: UNIX Security: Don't Believe the Truth(Feb 07, 2006)