On Sun, 2006-02-05 at 02:51 -0500, James Pifer wrote: > It looks like my CentOS 4.2 box is attacking other people with some type > of ftp attack. I got an email from somebody saying they were being > attacked by my IP address. > > Further investigation /var/log/messages shows a whole bunch of sshd > attacks on me, none of which appear successful. I'm running ethereal > right now and I can see that my system is doing some kind of ftp attacks > on others. > > I've think I've stopped the outgoing attacks at my firewall, but how do > I proceed from here? The first thing to do is run "ps auxfwwww" and look for anything that looks out of place. Feel free to post it here if you need help. -- Ignacio Vazquez-Abrams <ivazquez at ivazquez.net> http://centos.ivazquez.net/ gpg --keyserver hkp://subkeys.pgp.net --recv-key 38028b72 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://lists.centos.org/pipermail/centos/attachments/20060205/68e07a72/attachment-0005.sig>