Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: Compromised server, forensic suggestions requested. - Internet Security | DShield SANS ISC InfoSec Forums
Compromised server, forensic suggestions requested.
I have an Ubuntu 12.04 server on which I installed iRedMail a month ago. Last Friday I installed OpenSSH and opened port 22 on my firewall.

I just happened to catch an established connection from a foreign address shortly after the OpenSSH install. More details are logged here:
http://www.linuxquestions.org/questions/linux-security-4/suspect-sever-break-in-with-user-%27sshd%27-on-ubuntu-12-04-ebury-4175505281/

Ultimately, any suggestions for doing some forensic testing on this server to identify how this happened would be most appreciated.
Anonymous
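Added example for this thread, not the poster's own work: a first-pass triage of /var/log/auth.log that answers the question the post raises (an unexpected foreign connection right after sshd went live). It pulls out when sshd started listening, every accepted login, sources that brute-forced before succeeding, logins within a window of first exposure, interactive root logins, and accounts added with useradd. The log lines are constructed for the demo in the syslog layout Ubuntu 12.04 writes; the year (syslog omits it), the brute-force threshold and the one-hour exposure window are assumptions, not values from the post.

```python
"""Triage sshd activity in an Ubuntu auth.log (added example, not from the thread)."""
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample lines in Ubuntu 12.04 /var/log/auth.log format (not real data).
SAMPLE_AUTH_LOG = """\
Jun  6 09:12:01 mail sshd[2143]: Server listening on 0.0.0.0 port 22.
Jun  6 09:15:22 mail sshd[2201]: Failed password for root from 203.0.113.45 port 51022 ssh2
Jun  6 09:15:25 mail sshd[2201]: Failed password for root from 203.0.113.45 port 51022 ssh2
Jun  6 09:15:29 mail sshd[2203]: Failed password for invalid user admin from 203.0.113.45 port 51040 ssh2
Jun  6 09:16:02 mail sshd[2207]: Accepted password for root from 203.0.113.45 port 51051 ssh2
Jun  6 09:16:02 mail sshd[2207]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun  6 09:17:40 mail useradd[2250]: new user: name=support, UID=1001, GID=1001, home=/home/support, shell=/bin/bash
Jun  6 10:30:11 mail sshd[2410]: Accepted publickey for alice from 192.0.2.10 port 40022 ssh2
Jun  6 11:30:00 mail sshd[2600]: Failed password for invalid user test from 198.51.100.7 port 33001 ssh2
"""

ASSUMED_YEAR = 2014  # assumption: syslog timestamps carry no year

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[\w.-]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
ACCEPTED_RE = re.compile(r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>\S+) port \d+")
FAILED_RE = re.compile(r"Failed \w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
NEWUSER_RE = re.compile(r"new user: name=(?P<user>[^,]+), UID=(?P<uid>\d+)")
LISTEN_RE = re.compile(r"Server listening on \S+ port \d+")


def parse_line(line):
    """Split one syslog line into timestamp, host, process, pid and message; None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "proc": m["proc"], "pid": m["pid"], "msg": m["msg"]}


def triage(log_text, brute_threshold=3, exposure_window=timedelta(hours=1)):
    """Summarise what sshd and useradd logged, in time order."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])  # stable sort keeps file order for equal stamps

    first_listen = None
    accepted, new_users, brute = [], [], []
    failed_by_ip = Counter()
    for e in events:
        msg = e["msg"]
        if e["proc"] == "sshd":
            if first_listen is None and LISTEN_RE.search(msg):
                first_listen = e["ts"]  # moment port 22 became reachable
                continue
            m = FAILED_RE.search(msg)
            if m:
                failed_by_ip[m["ip"]] += 1
                continue
            m = ACCEPTED_RE.search(msg)
            if m:
                accepted.append({"ts": e["ts"], "user": m["user"], "ip": m["ip"], "method": m["method"]})
                # failures seen from this source *before* it got in = brute force that worked
                if failed_by_ip[m["ip"]] >= brute_threshold and m["ip"] not in brute:
                    brute.append(m["ip"])
        elif e["proc"] == "useradd":
            m = NEWUSER_RE.search(msg)
            if m:
                new_users.append(m["user"])  # compare against accounts you know you created

    early = [a for a in accepted if first_listen and a["ts"] - first_listen <= exposure_window]
    return {
        "first_listen": first_listen,
        "accepted": accepted,
        "failed_by_ip": failed_by_ip,
        "brute_force_then_success": brute,
        "early_logins": early,
        "root_logins": [a for a in accepted if a["user"] == "root"],
        "new_users": new_users,
    }


if __name__ == "__main__":
    r = triage(SAMPLE_AUTH_LOG)
    print("sshd first listening:", r["first_listen"])
    for a in r["accepted"]:
        print(f"{a['ts']} accepted {a['method']} {a['user']}@{a['ip']}")
    print("brute force then success:", r["brute_force_then_success"])
    print("logins within exposure window:", [a["ip"] for a in r["early_logins"]])
    print("root logins:", len(r["root_logins"]))
    print("new users:", r["new_users"])
```

Run it against the real file with `triage(open("/var/log/auth.log").read())`, but only after copying the log off the box: if the host really is compromised, an attacker with root can have edited or truncated auth.log, so an empty result proves nothing, and the image, not the live system, is what should be examined.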

Does anyone know of software that can reliably decode this?
__________________________
sara
Anonymous
