[lug] Getting hacked through Samba?
chip at pupman.com
Thu Dec 30 09:18:54 MST 1999
I was going through /var/log and noticed an interesting file. It was
samba-log.ralph and samba-log.starwolf. The thing is that there are no
machines with the names ralph or starwolf on my network. The date of the
ralph file is yesterday at 6:06 am, at which time I can assure you
legitimate no sysadmin stuff was going on.
The contents of the ralph file is one line saying
The starwolf file is 8 lines of the same.
Any ideas or suggestions?
Thanks in advance.
--- If I can't fix it, I can fix it so it can't be fixed --
More information about the LUG