jinzishuai@gmail.com wrote:
> Hello
>
> One of our lab machines running Redhat Enterprise 3 has been intruded by
> somebody. He used a simple ssh dictionary attack but unfortunately our
> root is enabled through ssh and the root password was not strong
> enough. We got a report that there were 3GB of unexpected traffic during
> that day through ssh.
> Now we are going to reset the root password but for some other reasons
> we don't want to disable root login through ssh.
> So I would like to do a dictionary attack on our machine first to make
> sure our password is strong enough. Is there any well-known hacking
> software that I can download and try to see if our system is secure?
> Thanks a lot.
You should make the correct decision; you need to find a balance between risk
and benefits. You need to know that your system has been defaced, and almost
anything could have been done to it (but why?).
You have a few choices; one is to find all changed files (comparing md5
sums from your backup), check all suspicious files, and try to make sure
that everything is under control :)
About securing it, I believe in the chrooting paradigm for providing safer
systems. If you'd like to read more, I'd suggest you visit these pages:
http://www.linuxfocus.org/English/Ja...ticle225.shtml
http://www.cgisecurity.com/webserver...he2-howto.html
There are lots of ways of chrooting systems. Feel free to discuss
it :)
Marek Wawro
--
wawro.yawda.com
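
The file comparison suggested in the reply above (md5 sums from the backup against the live system), as an added example that is not part of the original posts; the function names and the sample directory trees are constructed for illustration. It assumes the backup and the suspect disk are both mounted as plain directories on a trusted machine, since tools on a compromised host cannot be relied on to report honestly.

```python
import hashlib
import os
import tempfile

def md5_of(path, chunk=65536):
    """MD5 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def manifest(root):
    """Map relative path -> fingerprint for every file under root."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):  # does not follow symlinked dirs
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full):
                out[rel] = "symlink->" + os.readlink(full)  # record target, not content
            else:
                try:
                    out[rel] = md5_of(full)
                except OSError:
                    out[rel] = "unreadable"  # still shows up in the comparison
    return out

def compare(backup_root, live_root):
    """Return files changed, missing or added on the live tree relative to the backup."""
    old, new = manifest(backup_root), manifest(live_root)
    return {
        "changed": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
        "missing": sorted(old.keys() - new.keys()),
        "added": sorted(new.keys() - old.keys()),
    }

def demo():
    """Build two small constructed trees (sample data) and compare them."""
    files_backup = {"bin/ps": b"ps-original", "bin/ls": b"ls-original", "etc/motd": b"hi"}
    files_live = {"bin/ps": b"ps-replaced", "bin/ls": b"ls-original", "tmp/.x/run": b"?"}
    with tempfile.TemporaryDirectory() as tmp:
        for side, files in (("backup", files_backup), ("live", files_live)):
            for rel, data in files.items():
                path = os.path.join(tmp, side, *rel.split("/"))
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as f:
                    f.write(data)
        return compare(os.path.join(tmp, "backup"), os.path.join(tmp, "live"))
```

Files in the "added" list deserve the same scrutiny as those in "changed", because a backup comparison is the only thing that reveals files that were never there before.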