September 17th, 2002, 08:24 PM
#11
Junior Member
droby10:
I'm not quite sure what the point of entry was, but I'm going to make certain that all the apps running are the latest version w/ patches, etc...
I've been looking at some of the logs and am finding some clues perhaps...
Like this:
Sep 14 15:16:51 DHP01103 kernel: mIRKfORCE-glibc uses obsolete (PF_INET,SOCK_PACKET)
Sep 14 15:16:51 DHP01103 kernel: device eth0 entered promiscuous mode
Sep 14 15:18:50 DHP01103 kernel: device eth0 left promiscuous mode
Sep 14 15:19:31 DHP01103 kernel: device eth0 entered promiscuous mode
-- That doesn't look good... Any ideas???
And this:
Sep 14 14:16:30 DHP01103 portsentry[601]: attackalert: Connect from host: 211.121.xxx.xxx/211.121.xxx.xxx to TCP port: 111
Sep 14 14:16:30 DHP01103 portsentry[601]: attackalert: Ignoring TCP response per configuration file setting.
-- That certainly doesn't look good... Dunno why the config file says to just ignore... Any ideas???
I think I had also seen some :443 connect errors, which leads me to believe that it may be the exploit w/ my 0.9.6a OpenSSL... I'll put the latest ver. on new build...
I wish I had the time to figure it all out before I have to rebuild... But unfortunately, that's not an option... I just hope I can fill enough holes to keep it clean & alive while I figure all this out...
Thanks again...
James...
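An added example, not part of the post above or of the thread: a short Python script that runs over the kernel lines quoted in the post, pairs each "entered promiscuous mode" event with its "left" event, reports an interface still promiscuous at the end of the log, and records the process name the kernel logged in the obsolete SOCK_PACKET warning. The function name, the regexes and the year default are assumptions made for this example (syslog lines carry no year).

```python
import re
from datetime import datetime

# Kernel lines copied from the post above; nothing else is assumed about the host.
SAMPLE = """\
Sep 14 15:16:51 DHP01103 kernel: mIRKfORCE-glibc uses obsolete (PF_INET,SOCK_PACKET)
Sep 14 15:16:51 DHP01103 kernel: device eth0 entered promiscuous mode
Sep 14 15:18:50 DHP01103 kernel: device eth0 left promiscuous mode
Sep 14 15:19:31 DHP01103 kernel: device eth0 entered promiscuous mode
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) kernel: (.*)$")
PROMISC = re.compile(r"device (\S+) (entered|left) promiscuous mode")
SOCKPKT = re.compile(r"(\S+) uses obsolete \(PF_INET,SOCK_PACKET\)")

def analyze(text, year=2002):
    """Return (sessions, sniffers).

    sessions: (device, start, end) tuples; end is None if the interface
              never left promiscuous mode within the log.
    sniffers: (timestamp, process name) for each SOCK_PACKET warning.
    """
    open_since, sessions, sniffers = {}, [], []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a kernel syslog line
        # Assumption: the year is supplied by the caller.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        msg = m.group(3)
        if s := SOCKPKT.search(msg):
            sniffers.append((ts, s.group(1)))
        elif p := PROMISC.search(msg):
            dev, action = p.groups()
            if action == "entered":
                open_since.setdefault(dev, ts)
            elif dev in open_since:
                sessions.append((dev, open_since.pop(dev), ts))
    # Anything still open is an interface that is promiscuous at end of log.
    sessions += [(dev, start, None) for dev, start in open_since.items()]
    return sessions, sniffers

if __name__ == "__main__":
    sessions, sniffers = analyze(SAMPLE)
    for ts, proc in sniffers:
        print(f"{ts}  SOCK_PACKET socket opened by: {proc}")
    for dev, start, end in sessions:
        state = f"until {end} ({(end - start).seconds}s)" if end else "STILL ACTIVE"
        print(f"{dev} promiscuous from {start} {state}")
```

On these four lines it reports one closed session on eth0 and a second one that is never closed, which is the state to check on the live interface before the rebuild.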