Dear Santanu,
Please report security incidents to the mail list
As described in the Agreement on Incident Response document...
https://edms.cern.ch/document/428035
------------------------------------------------
Dr David Kelsey
Particle Physics Department
Rutherford Appleton Laboratory
Chilton, DIDCOT, OX11 0QX, UK
e-mail: [log in to unmask]
Tel: [+44](0)1235 445746 (direct)
Fax: [+44](0)1235 446733
------------------------------------------------
> -----Original Message-----
> From: LHC Computer Grid - Rollout
> [mailto:[log in to unmask]] On Behalf Of Santanu Das
> Sent: 22 November 2004 10:07
> To: [log in to unmask]
> Subject: [LCG-ROLLOUT] compromised ssh
>
>
> Hi,
>
> We are suspecting that one of our WNs may have been
> compromised by a wide-scale ssh probe on Sat from a Taiwanese
> host, 192.192.73.5 and as a result, now I can't log in as
> root on that WN. I changed the password-cfg.h on LCFG and
> remake the profile for that particular node but still I can't
> use that new password on that WN. I don't want to reboot that
> WN just now. Does anyone know, how that "change of password"
> works between LCFG and the WN? Or any idea how can I change
> the password on that compromised WN so that I can log in
> without rebooting the node?
>
> Thanks,
> Santanu
>
|