Forum OpenACS Q&A: Response to Help! no SSH Telnet Access

Posted by David Walker on
A search on http://www.arin.net for 212.199.171.187 points to www.ripe.net
which indicates that that IP address belongs to what I believe is an ISP called
Golden Lines in Israel.

I would not trust a cracker to come in, look, and leave without installing a
rootkit and giving himself a back door to return to your system.

psyBNC (http://www.netknowledgebase.com/tutorials/psybnc.html), the
program that he uploaded, allows him to pretend to be coming from your
network while IRC chatting.  This could be for entertainment purposes or to
protect himself if he is using an IRC server to control zombie computers.
(Assuming the filename of the file he uploaded matches the contents.)

Hard to say what term.c was.  You'll need to do a new installation on this
box.

No program is perfect, but SSH does encrypt your information so that it cannot
be sniffed on the network.  Telnet, FTP, and POP email all expose your
password in plain text.

Looks like this advisory from bugtraq might cover your problem.
http://cert.uni-stuttgart.de/archive/bugtraq/2001/02/msg00179.html