Philosophically Secure » linux http://eugk.net/wordpress Eugene Kogan's blog on information security and software engineering Mon, 27 Jun 2011 13:25:39 +0000 en hourly 1 http://wordpress.org/?v=3.3.2 Investigating a Linux zombie http://eugk.net/wordpress/2007/09/17/investigating-a-linux-zombie/ http://eugk.net/wordpress/2007/09/17/investigating-a-linux-zombie/#comments Mon, 17 Sep 2007 15:17:11 +0000 eugenekogan http://eugenekogan.net/wordpress/2007/09/17/investigating-a-linux-zombie/ This blog post details a guy’s ad hoc investigation of a Linux server that was compromised and turned into a zombie. Basically, the “hacker” came in, installed a root kit, an SSH back door, and an IRC bot for command and control. The post gives all the steps that the “investigator” goes through, and provides a lot of detail and screen captures.

I find it somewhat entertaining, since it’s almost exactly what I went through investigating a very similar situation several (probably nine) years ago, on my friend’s server. I actually ended up talking to the attacker in his IRC channel, and he was nice enough to tell me how he broke in. Those were the good old days…

]]> http://eugk.net/wordpress/2007/09/17/investigating-a-linux-zombie/feed/ 0