...

System log shows on 2025 Mar 24 12:00:09 (UTC) hundreds of failed attempts to log in as root; then, suddenly, the
attacker successfully logged in [...] etc. The attacker created the identities ABC and XYZ, placed a trojan
and possibly compromised the credentials of users: DEF, UVW>

- If available and relevant, the list of other eduGAIN participants possibly affected
<Ex: Suspicious new identities ABC and XYZ were created:

- Possible vulnerabilities exploited by the attacker
<Ex: the attacker exploited a weak root password and gained further access by exploiting CVE-2009-1234
against [...] etc.>

- Actions taken to resolve the incident
<Ex: Disk images have been saved, systems have been reinstalled from scratch with new, strong root passwords,
and SSH has been configured to prevent "root" logins with a password.>

- Recommendations for other sites, actions suggested
<Ex: Sites should check and report any successful SSH connection from

...