  1. #1
    Join Date
    Oct 2001
    Posts
    1,315

    Interesting Hack

    We had a spare machine running Red Hat 7.2 get hacked by something.hispeed.ch

    The machine is having an odd problem now, can anyone recognize it? (We will be removing the HD to study and putting in a fresh one shortly)

    The machine goes online and offline for a few hours at a time at random times. The machine isn't frozen, but you can't ping it from an outside network. BUT once a machine on the same network pings the machine, it comes online to everyone....
    hm....

    I know the user ftp'd in, unfortunately we didn't have logging enabled. I just did today. I'm leaving the system up to track him. md5 checksums show none of the main binaries are compromised....

    Does anyone know any known hack that will affect the network access as described above?

    Thanks
    Avi Brender
    Reliable Web Hosting by Elite Hosts, Inc
    CPANEL Reseller Hosting - Fantastico - Rvskins - ClientExec

  2. #2
    Join Date
    Jun 2000
    Location
    Washington, USA
    Posts
    5,991
    Sounds like power management is enabled in the BIOS. And, the machine is going to Sleep/Standby, and when a machine on the local lan pings it, it's like Wake On Lan.

    Course, I think APM can be enabled from within Linux.

  3. #3
    Join Date
    Oct 2001
    Posts
    1,315
    Hmmm.. that's interesting
    But why would a ping to the same IP address from a machine on the same switch wake it up rather than one on a separate network?

    Side question, I'm thinking about going to Red Hat 7.1 from 7.2 because I've never been hacked using 7.1, only 7.2....
    Avi Brender

  4. #4
    Wake on LAN works only on local LANs. Not external ones. That's why a remote ping may not work. In the meantime just keep sending a ping once in a while from a local server, so that the server stays up.

  5. #5
    Join Date
    Oct 2001
    Posts
    1,315
    Originally posted by JTY
    Sounds like power management is enabled in the BIOS. And, the machine is going to Sleep/Standby, and when a machine on the local lan pings it, it's like Wake On Lan.

    Course, I think APM can be enabled from within Linux.
    Is there a way to disable this from linux directly or can it only be done via the BIOS? (the APM thing)


    edit.... stupid me /etc/rc.d/init.d/apmd -
    stopping it will do what exactly?

    /etc/sysconfig/apmd found:
    NET_RESTART="yes"
    That is, it shuts it down when it suspends. I changed it to no, let's see if it works.

    Crossing my fingers
    Last edited by MaB; 08-03-2002 at 09:08 PM.
    Avi Brender

  6. #6
    Join Date
    Jul 2002
    Posts
    153
    I would love to have a box to track a hacker. I love watching. ;-)

  7. #7
    Join Date
    Oct 2001
    Posts
    1,315
    Looking back, it was no hacker. Person just got in via FTP using users in the default install of Red Hat 7.2 - we've cleared the password files of unneeded entries and they're out

    I would still like to know which user but I got ahead of myself and just wanted them out

    I am now looking into setting up a honeypot
    Avi Brender
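
The account cleanup described in post #7 can be checked mechanically; this is an added example, not part of the thread, that lists which accounts could still authenticate over FTP. It assumes the daemon refuses names listed in `/etc/ftpusers`, requires a login shell listed in `/etc/shells`, and treats a shadow field beginning with `!` or `*` as locked; the function name and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper): report accounts able to log in over FTP.
# Usage: ftp_capable_accounts PASSWD SHADOW FTPUSERS SHELLS
# Paths may point at the live files or at copies taken from a removed disk.
ftp_capable_accounts() {
    awk -F: -v shadow="$2" -v deny="$3" -v shells="$4" '
        /^[ \t]*(#|$)/      { next }                    # comments, blank lines
        FILENAME == shadow  { hash[$1] = $2; next }     # user -> password field
        FILENAME == deny    { denied[$1] = 1; next }    # users refused by the daemon
        FILENAME == shells  { ok_shell[$1] = 1; next }  # shells the daemon accepts
        {   # remaining input is the passwd file
            user = $1; shell = ($7 == "") ? "/bin/sh" : $7
            if (user in denied)       next
            if (!(shell in ok_shell)) next
            # No shadow entry: fall back to the passwd field (over-reports, on purpose)
            h = (user in hash) ? hash[user] : $2
            if (h ~ /^[!*]/)          next              # locked account
            note = (h == "") ? "EMPTY-PASSWORD" : "password-set"
            printf "%s uid=%s shell=%s %s\n", user, $3, shell, note
        }
    ' "$2" "$3" "$4" "$1"
}

# Constructed sample data; none of it comes from the machine in the thread.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' \
    'root:x:0:0:root:/root:/bin/bash' \
    'ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin' \
    'games:x:12:100:games:/usr/games:/bin/bash' \
    'oldsite:x:501:501::/home/oldsite:/bin/bash' \
    'avi:x:500:500::/home/avi:/bin/bash' > "$demo/passwd"
printf '%s\n' \
    'root:$1$constructed$hash:11900:0:99999:7:::' \
    'ftp:*:11900:0:99999:7:::' \
    'games:*:11900:0:99999:7:::' \
    'oldsite::11900:0:99999:7:::' \
    'avi:$1$constructed$hash:11900:0:99999:7:::' > "$demo/shadow"
printf '%s\n' '# users denied FTP' 'root' > "$demo/ftpusers"
printf '%s\n' '/bin/sh' '/bin/bash' > "$demo/shells"

ftp_capable_accounts "$demo/passwd" "$demo/shadow" "$demo/ftpusers" "$demo/shells"
```

On a live system the four arguments would be `/etc/passwd`, `/etc/shadow`, `/etc/ftpusers` and `/etc/shells`, read as root; any line flagged `EMPTY-PASSWORD` is an account that needs locking or removal first.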

  8. #8
    Join Date
    Mar 2002
    Location
    Servers
    Posts
    806
    Originally posted by MaB
    I am now looking into setting up a honeypot


    Hmm... Keep us posted
    Dedicated Servers cPanel Shared/Reseller Hosting
    VPS Backups Cloud Colocation Managed Services
    Webx Networks Serving world wide since 1997

  9. #9
    Join Date
    Oct 2001
    Posts
    1,315
    APM in Linux didn't work, I'll try the BIOS
    Avi Brender
