Redian News
Urgent help needed --- machine compromised. # Security - System Security
s*e
1
Here is the relevant information. Could an expert please advise how to cleanly and thoroughly deal with this compromised machine?
The attack was discovered yesterday, Jan. 30.
login: co
System: IRIX 6.5
Connected from: ACA44A79.ipt.aol.com
I logged in as root and used su co to log in as co. I did whoami to find
that co is root.
co has an entry in /etc/passwd.
This file was modified on Jan. 30, about one minute after login.
No entry or modification in /etc/shadow.
The system manager application on IRIX gave the following information on
the user:
login: co
real name: PR
home directory: /tmp
g
d*z
2
My only suggestion is to back up all the useful data and
format and reinstall the machine. It is possible that the
intruder has installed multiple backdoors on your system, and
it will be very hard or impossible to detect all of them.

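[Quoted from s***e's post]
: Here is the relevant information. Could an expert please advise how to cleanly and thoroughly deal with this compromised machine?
: The attack was discovered yesterday, Jan. 30.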
: login: co
: System: IRIX 6.5
: Connected from: ACA44A79.ipt.aol.com
: I logged in as root and used su co to log in as co. I did whoami to find
: that co is root.
: co has an entry in /etc/passwd.
: This file was modified on Jan. 30, about one minute after login.
: No entry or modification in /etc/shadow.

m*t
3
Maybe do a TCP/IP dump or use some kind of network sniffer
to find suspicious activities... monitor all processes... search for viruses.
Usually it can be very time consuming. Better put some protection before your
network, such as a firewall.

[Quoted from d*****z's post]
: My only suggestion is to back up all the useful data and
: format and reinstall the machine. It is possible that the
: intruder has installed multiple backdoors on your system, and
: it will be very hard or impossible to detect all of them.
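
The account indicators reported in the first post (a second login that resolves to root, no matching /etc/shadow entry, home directory /tmp) can be checked mechanically over copies of the passwd and shadow files. This is an added example, not part of the thread; the function name `audit_accounts`, its output tags and the sample file contents are constructed for illustration, and it covers only these three indicators, not other backdoors.

```shell
#!/bin/sh
# audit_accounts PASSWD SHADOW: print "<TAG> <login>" for each suspicious entry.
# Function name and tags are illustrative, not from the thread.
audit_accounts() {
    [ -r "$1" ] && [ -r "$2" ] || { echo "audit_accounts: unreadable input" >&2; return 2; }
    awk -F: -v shadow="$2" '
        BEGIN {
            # Load every login that has a shadow entry.
            while ((getline line < shadow) > 0) {
                split(line, f, ":")
                has_shadow[f[1]] = 1
            }
            close(shadow)
        }
        /^#/ || NF < 7 { next }          # skip comments and malformed lines
        # Any login other than root with UID 0 has full root privileges.
        $3 == 0 && $1 != "root" { print "UID0_NOT_ROOT " $1 }
        # On a system that uses /etc/shadow, every account should appear there.
        !($1 in has_shadow) { print "NO_SHADOW_ENTRY " $1 }
        # A home directory under a world-writable temp location is not normal.
        $6 ~ /^\/(var\/)?tmp(\/.*)?$/ { print "TMP_HOME " $1 }
    ' "$1"
}

# Constructed sample data modelled on the post (login "co", real name "PR",
# home /tmp); UID/GID/shell fields and the other accounts are made up.
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:Super-User:/:/bin/sh
guest:x:998:998:Guest Account:/usr/people/guest:/bin/csh
co:x:0:0:PR:/tmp:/bin/sh
EOF
cat > "$demo_dir/shadow" <<'EOF'
root:*:::::::
guest:*:::::::
EOF
audit_accounts "$demo_dir/passwd" "$demo_dir/shadow"
rm -rf "$demo_dir"
```

Run it against copies of the files taken from the affected disk rather than with tools on the compromised host, since those tools may themselves have been replaced.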
