[Leaplist] Server break-in attempt through NAGIOS user
David Simmons
dave at dgnal.net
Thu Sep 6 18:29:12 EDT 2007
> Logging in via what program? SSH? Web interface?
ssh.....I logged into the server....did a 'user' and saw that nagios was
logged in..when I did a ps aux, the nagios user had about 50 sshd sessions
running!
I looked briefly through the files - and it was
basically doing port scans/login attempts to other machines.....still
researching what it's 'ultimate' goal was?!
- Dave
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.leap-cf.org/pipermail/leaplist/attachments/20070906/f28b5dd7/attachment.html
More information about the Leaplist
mailing list