#1
22nd August 2006, 08:56
agurung

SSH Attack from Fedora Core 2

Hi

We have another problem again. One of my friends has a Fedora Core 2 box set up. He mainly uses it for compiling programs, e.g. Java and C, and it is sometimes used as a test web server.

Now all of a sudden this server is trying to make huge numbers of SSH connections to different servers. We have now blocked SSH connections on the firewall so that this server is not creating problems for other servers. Sometimes it also kills the whole firewall...

I must admit we are not so used to Linux, coming predominantly from a Windows background. We spent some time on it and couldn't figure out how to fix it. We are also thinking of reinstalling altogether.

We would really appreciate it if anyone could give a hint as to where things could have gone wrong.
#2
23rd August 2006, 14:56
falko

First, you should check your system for trojans and rootkits with rkhunter and chkrootkit: http://www.howtoforge.com/faq/1_38_en.html
#3
24th August 2006, 00:54
agurung

Hi

We did check with those tools and didn't find any major issues. Now we have shut down the SSH server and we do not see any SSH requests going out from this server any more.

We haven't tried turning the SSH server on and are thinking of replacing the server altogether; the only problem now is all the setup, which took some time to build.

If there is a better idea, we would really appreciate it.

Thank you
#4
25th August 2006, 05:23
falko

Are there maybe some cron jobs that try to connect to other servers using SSH, or did you grant shell access to your users? Maybe one of them is trying to connect to other servers...
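One way to follow up on the checks suggested in this thread (outbound SSH connections, cron jobs, shell accounts), as an added example that is not part of any post. The function names are illustrative, `netstat -tnp` is assumed to be available from net-tools, and the sample netstat output, process names and addresses are constructed:

```shell
#!/bin/sh
# Added triage example, not from the thread. Function names are illustrative.
# Run as root with --live on the suspect host; with no argument it runs on the
# constructed sample below.

# Count connections to remote port 22 per owning process.
# Reads `netstat -tnp` output on stdin; prints "<count> <pid/program>".
outbound_ssh_by_process() {
    awk '$1 ~ /^tcp/ && $5 ~ /:22$/ { n[$7]++ }
         END { for (p in n) print n[p], p }' | sort -rn
}

# Uncommented cron lines that mention ssh, scp or sftp.
# Arguments: cron files or directories (searched recursively).
cron_ssh_entries() {
    grep -rHnE '(^|[^[:alnum:]_-])(ssh|scp|sftp)([^[:alnum:]_-]|$)' "$@" 2>/dev/null |
        grep -vE '^[^:]*:[0-9]+:[[:space:]]*#'
}

# Accounts whose shell field allows an interactive login.
# Argument: passwd-format file (defaults to /etc/passwd).
shell_users() {
    awk -F: '$7 !~ /(nologin|false|sync|shutdown|halt)$/ { print $1 }' "${1:-/etc/passwd}"
}

# Constructed sample of `netstat -tnp` output (documentation addresses only).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address      Foreign Address     State       PID/Program name
tcp        0      0 192.0.2.10:22      203.0.113.5:51514   ESTABLISHED 877/sshd
tcp        0      1 192.0.2.10:40112   198.51.100.7:22     SYN_SENT    4121/unknown-bin
tcp        0      1 192.0.2.10:40113   198.51.100.8:22     SYN_SENT    4121/unknown-bin
tcp        0      1 192.0.2.10:40114   198.51.100.9:22     SYN_SENT    4121/unknown-bin
tcp        0      0 192.0.2.10:40200   192.0.2.50:22       ESTABLISHED 5002/ssh
EOF
}

if [ "${1:-}" = "--live" ]; then
    netstat -tnp | outbound_ssh_by_process
    cron_ssh_entries /etc/crontab /etc/cron.d /etc/cron.hourly /etc/cron.daily /var/spool/cron
    shell_users
else
    sample_netstat | outbound_ssh_by_process
fi
```

The inbound sshd session in the sample is not counted because only the foreign address is matched against port 22; a process at the top of the list that is not an expected ssh client is the one to trace back to its owner and start-up mechanism.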