
SANS Internet Storm Center (SANS ISC) InfoSec Forums

Compromised server, forensic suggestions requested.
I have an Ubuntu 12.04 server on which I installed iRedMail a month ago. Last Friday, I installed OpenSSH and opened port 22 on my firewall.

Just happened to catch an established connection from a foreign address shortly after OpenSSH install. More details are logged here:

Ultimately, any suggestions for doing some forensic testing on this server to identify how this happened would be most appreciated.

Does anyone know of software that can reliably decode this?
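One of the first things a responder would check on a box like this is the SSH authentication log: who logged in, from where, and whether a burst of failed attempts preceded the successful one. The script below is an added example written for this thread, not code from the poster or from SANS ISC. It parses sshd lines in the syslog format Ubuntu writes to /var/log/auth.log, tallies failures per source address, and flags accepted logins that either came from outside an operator-supplied trusted range or were preceded by repeated failures from the same address. The log lines, the hostname "mail", the addresses and the trusted range are all constructed for the example.

```python
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample auth.log excerpt (not from the original post). The format
# matches what sshd logs through syslog on Ubuntu: "<syslog time> <host> sshd[pid]: ...".
SAMPLE_AUTH_LOG = """\
Jun  7 22:01:15 mail sshd[4120]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2
Jun  7 22:01:18 mail sshd[4120]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2
Jun  7 22:01:21 mail sshd[4123]: Failed password for root from 203.0.113.45 port 51240 ssh2
Jun  7 22:01:24 mail sshd[4125]: Failed password for root from 203.0.113.45 port 51242 ssh2
Jun  7 22:01:27 mail sshd[4127]: Accepted password for root from 203.0.113.45 port 51244 ssh2
Jun  7 22:01:27 mail sshd[4127]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun  8 08:15:02 mail sshd[4512]: Accepted publickey for alice from 192.168.1.20 port 40022 ssh2
"""

# sshd's "Accepted <method> for <user> from <ip> port <n>" success line.
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>\S+) port"
)
# sshd's failure line; "invalid user" is present when the account does not exist.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)


@dataclass
class Login:
    timestamp: str        # syslog prefix, e.g. "Jun  7 22:01:27"
    user: str
    ip: str
    method: str           # "password" or "publickey"
    failures_before: int  # failed attempts from the same address earlier in the log


def parse_auth_log(text: str) -> Dict[str, object]:
    """Walk the log once, counting failures per source and recording each accepted login
    together with how many failures that source had accumulated before it succeeded."""
    failed_so_far: Counter = Counter()
    accepted: List[Login] = []
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failed_so_far[m.group("ip")] += 1
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            accepted.append(
                Login(
                    timestamp=line[:15],
                    user=m.group("user"),
                    ip=m.group("ip"),
                    method=m.group("method"),
                    failures_before=failed_so_far[m.group("ip")],
                )
            )
    return {"accepted": accepted, "failed_by_ip": failed_so_far}


def suspicious_logins(report: Dict[str, object], trusted_nets: List[str],
                      failure_threshold: int = 3) -> List[Login]:
    """Flag accepted logins from outside the trusted networks, or from any address that
    failed at least `failure_threshold` times first (a password-guessing pattern)."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    flagged: List[Login] = []
    for login in report["accepted"]:  # type: ignore[union-attr]
        addr = ipaddress.ip_address(login.ip)
        from_trusted = any(addr in net for net in nets)
        if not from_trusted or login.failures_before >= failure_threshold:
            flagged.append(login)
    return flagged


if __name__ == "__main__":
    # Constructed trusted range for the example; replace with the site's own management networks.
    report = parse_auth_log(SAMPLE_AUTH_LOG)
    for login in suspicious_logins(report, ["192.168.1.0/24"]):
        print(f"{login.timestamp} {login.user}@{login.ip} via {login.method} "
              f"after {login.failures_before} failures from that address")
```

On a real host, feed it the contents of /var/log/auth.log and any rotated copies (auth.log.1, auth.log.*.gz), since a month-old install may already have rotated the relevant days away. The script only reads the log and writes nothing, so it is safe to run before imaging; if the timeline matters, copy the logs off the box first and run it on the copy.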
