[icecast] unwanted oper login

Seth de l'Isle szoth at ubertechnique.com
Mon Apr 9 21:15:26 PDT 2001



Hi all,

I help administer a Linux(RH6.1) box running icecast 1.3.5.  
I'm going to go ahead and upgrade to 1.3.10 shortly.  Recently a user from
a strange(to us) dial-in account logged in as operator and issued a shutdown
command.  I changed the passwords to see if someone in our group had let it 
out, but the same thing happened two days latter.

I'm trying to figure out how this was done, so I can decide whether we should
consider the whole system compromised, or if perhaps there is another machine
on the LAN that's been compromised and used to sniff us out.

Thanks!

--- >8 ----
List archives:  http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-request at xiph.org'
containing only the word 'unsubscribe' in the body.  No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.



More information about the Icecast mailing list