Dead Linux Machines Do Tell Tales

Dead Linux Machines Do Tell Tales (PDF, 3.59MB)
Published: 15 May, 2013
Created by James Fung

It was in January of 2002 when we finally recognized the signs of disaster - the IDS told of anomalous activity on port 22 both inbound and out. Where there was little or no traffic before, we now see dozens of SSH connections to (and from) various foreign nations. We didn't know what they were doing because SSH afforded them an encrypted link, but we did know that the center of all this activity seemed to be one of our machines on site.