Linux Today: Linux News On Internet Time.

More on LinuxToday

Anatomy of a Unix breach

Aug 01, 2011, 20:00 (2 Talkback[s])

"The whole breach of Will's server started via a password guessing attack against SSH. We have covered this risk repeatedly in ISC diaries. Once the bad guys were in, they ran the commands below, and then apparently used the just installed IRC bots to continue scanning for SSH ports on other systems.

Phase#1: The bad guy tries to find out more about the box he just broke into

uname -a

Phase#2: Bad guy downloads all the Linux root exploits that he has, and just run them, hoping for a lucky break.

Complete Story

Related Stories: