On Sun, 2006-02-05 at 02:51 -0500, James Pifer wrote:
It looks like my CentOS 4.2 box is attacking other people with some type of ftp attack. I got an email from somebody saying they were being attacked by my IP address.
Further investigation /var/log/messages shows a whole bunch of sshd attacks on me, none of which appear successful. I'm running ethereal right now and I can see that my system is doing some kind of ftp attacks on others.
I've think I've stopped the outgoing attacks at my firewall, but how do I proceed from here?
The first thing to do is run "ps auxfwwww" and look for anything that looks out of place. Feel free to post it here if you need help.