Anatomy of a Unix breach
Aug 01, 2011, 20:00
"The whole breach of Will's server started via a password
guessing attack against SSH. We have covered this risk repeatedly
in ISC diaries. Once the bad guys were in, they ran the commands
below, and then apparently used the just-installed IRC bots to
continue scanning for SSH ports on other systems.
Phase #1: The bad guy tries to find out more about the box he
just broke into
Phase #2: Bad guy downloads all the Linux root exploits that he
has, and just runs them, hoping for a lucky break.