Originally Posted By: drakino
I worked with them to pull log files off, and sure enough, the initial intrusion happened only a few hours after I had left.

A few hours? If it was an unpatched Windows box then it'd be rooted within minutes.

Originally Posted By: drakino
Whoever did it didn't cover their tracks well, and was using the box to then attack some college system on the east coast.

Most of the people doing this don't appear to be particularly sophisticated. They're running prebuilt tools provided by somebody else to scan, break in and then install crap. Once they've done that, they generally move on to the next system. I used to administer some honeypots and it'd be fairly quiet, then suddenly you'd get a large number of attack attempts because somebody somewhere released a new tool.