[ale] Linux Firewall

Wandered Inn esoteric at denali.atlnet.com
Thu Apr 8 13:41:52 EDT 1999


The recommended procedure, one I've followed under other UNIX
environments, is to do a complete re-install.  This way you know you've
gotten rid of anything they've dropped on your box.

Our process is to have backups of all non-suid code; therefore, you can
reinstall your backups without reinstalling any cracked code.  This is
not foolproof, because there could be a trojan hiding in the backups.
Generally, having a snapshot of a clean system that you can compare
permissions/ownership and such against is a good idea.

Mark Bedish wrote:
> 
> Hi,
> 
> First off let me just say that I've learned quite a bit just being on
> the list and appreciate the frank discussion. I'm no expert at anything,
> just like to dally in different things, but I have a question that I
> hope someone out there can give me guidance on.
> 
> The company I work for uses a linux box running RedHat 5.0 as our
> firewall, gateway to the Internet and to forward email to our internal
> mail server. Recently we were hacked by someone using an "eggdrop", or
> something of the sort that set up users with root privilege. We were
> alerted to the fact that this had happened when our mail service failed when
> the intruder changed the IP address in resolv.conf and changed our.
> Because of this break in, we went through and removed all the services
> that seemed excessive to our base needs and patched ftpd, because we
> believed at the time that is how they got in; /var/log/messages showed
> that the process running anonymous ftp overflowed a stack buffer, and
> after that moment the intrusion began.
> 
> Well it appears that we have been hacked again, with someone setting up
> users with root privilege, no damage has been done thankfully but it is
> a little disconcerting. This time there is no clear indication of how
> they got in. Should I disable anonymous ftp? Has anyone else experienced
> anything like this or have any suggestions, we are planning an upgrade
> to 5.2 soon.
> 
> Thanks,
> Mark Bedish
> GWiz Systems, Inc.

--
Until later: Geoffrey		esoteric at denali.atlnet.com

It should be illegal to yell "Y2K" in a crowded economy.
	-- Larry Wall, creator of the programming language Perl
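The clean-snapshot comparison suggested above, as an added example that is not part of the original post: it records mode bits, owner, group and a SHA-256 for every regular file under a tree, then diffs a later snapshot against that baseline and flags files that newly carry the setuid/setgid bit. The `demo()` function builds a constructed scenario in a temporary directory (one replaced binary, one new setuid file); the file names and contents in it are invented for illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

SUID_BITS = stat.S_ISUID | stat.S_ISGID

def snapshot(root):
    """Record mode bits, owner, group and SHA-256 of every regular file under root."""
    manifest = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        st = path.lstat()
        manifest[str(path.relative_to(root))] = {
            "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid, "gid": st.st_gid,
            "sha256": hashlib.sha256(path.read_bytes()).hexdigest()}
    return manifest

def compare(baseline, current):
    """List added/removed files, changed attributes, and files that became setuid/setgid."""
    findings = []
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if old is None:
            findings.append(("added", rel))
        elif new is None:
            findings.append(("removed", rel))
        else:
            findings += [(f"changed {k}", rel) for k in ("mode", "uid", "gid", "sha256")
                         if old[k] != new[k]]
        # A setuid/setgid bit that the clean snapshot did not have deserves a closer look.
        if new and new["mode"] & SUID_BITS and not (old and old["mode"] & SUID_BITS):
            findings.append(("new setuid/setgid", rel))
    return findings

def demo():
    """Constructed scenario: clean tree, then one replaced binary and one new setuid file."""
    with tempfile.TemporaryDirectory() as tmp:
        bin_dir = Path(tmp, "bin")
        bin_dir.mkdir()
        (bin_dir / "ls").write_bytes(b"clean ls")
        (bin_dir / "ls").chmod(0o755)
        baseline = snapshot(tmp)                      # taken while the system was clean
        (bin_dir / "ls").write_bytes(b"replaced ls")  # same path and mode, new content
        (bin_dir / "extra").write_bytes(b"not in baseline")
        (bin_dir / "extra").chmod(0o4755)             # setuid bit on a file the baseline lacks
        return compare(baseline, snapshot(tmp))
```

Calling `demo()` returns the findings list; in practice the baseline manifest must be stored off the box (or on read-only media), since a copy kept on the compromised host can be edited along with everything else.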