[Leaplist] Server break-in attempt through NAGIOS user
Phil Barnett
philb at philb.us
Thu Sep 6 19:25:17 EDT 2007
On Thursday 06 September 2007, David Simmons wrote:
> ssh.....I logged into the server....did a 'user' and saw that nagios was
> logged in..when I did a ps aux, the nagios user had about 50 sshd sessions
> running!
>
> I looked briefly through the files - and it was
> basically doing port scans/login attempts to other machines.....still
> researching what it's 'ultimate' goal was?!
>
> - Dave
Spreading...
--
Phil Barnett
AI4OF
SKCC #600
More information about the Leaplist
mailing list