IRC Zombie problem 2005-09-08 - By Richard R. Danielson
Back
Hello all,
Several days ago, I installed the clamav antivirus program on my server. I
got the rpm's from Dag Wieers' repository. At the same time, I
(inadvertently) installed several other rpm's from his repository - eel2,
intltool, lftp, libxml2, libxml2-devel, libxml2-python, logwatch, mtools,
mtr, nmap, perl-Digest-SHA1, Perl-Net-DNS, perl-XML-Parser, rsync,
spamassassin, splint, syslinux and vmms.
This may have nothing to do with my present situation, but since about
1:30am this morning, my server has been attacking another machine and my
university has now shut off the machine internally and externally. The
information I received was that my machine has an irc zombie program on it,
which is attacking various other machines.
My question is how the situation may have arised and whether it is
recoverable without zapping my system. In addition, I would also really
like to know what to do to prevent a similar situation in the future. I am
running RHEL 3 update 5 and have Firestarter as a firewall. Thanks.
Rick Danielson
--
Taroon-list mailing list
Taroon-list@(protected)
http://www.redhat.com/mailman/listinfo/taroon-list
Earn $52 per hosting referral at Lunarpages.
|
|
