Re: "Jun" hack
and away they go. Lots of subsequent references to NT_STATUS_NO_SUCH_USER, Windows SSH Client, ... So, my bad I believe, I had SSH up but allowed password-based access.
Let's call your attacker Jun. We know that Jun logged into your box on the 25th. You found him on the 27th. Jun had two days as root to do whatever he wanted on your computer, totally unimpeded. You found a couple processes he spawned. Odds are he did more than that.
You never said what you use this box for. If it's anything sensitive or valuable then I would never trust that machine again until it is wiped and reimaged.
Knock knock.
Race condition.
Who's there?
Bookmarks