[ale] Cracked many Linux systems
Bob's ALE Mail
transam at cavu.com
Wed Mar 28 08:34:49 EST 2001
In the past few weeks I have seen MANY Linux systems that got cracked
(hacked). The rate of systems broken into seems to have GREATLY increased
in the past month.
The suspected paths have been via named (DNS), lpd, or portmap & nfsd and
all have been Red Hat 6.2. Sadly, these were clients who thought the risk
of a break-in to be small enough to not be worth spending the money or time
to harden their systems. Hardening would have taken 1/2 to 2 days.
Recovering from break-ins (even if no data was stolen or altered) is much
more.
Please, please don't use NFS or portmap (and friends), install the latest
security patch for named and run it in under its own user and group and
chroot'ed, use IP chains to block Internet access to the named, lpd, portmap,
nfsd ports and most other ports, and do not run any kernel older than 2.2.16.
One knowledgeable security expert estimated that the average life of an
unhardened Red Hat 6.2 system on the Internet (before being cracked)
is two weeks.
Bob Toxen, CTO
Fly-By-Day Consulting, Inc. "Experts in Linux & UNIX security"
bob at cavu.com
http://www.cavu.com [Linux & UNIX Consulting]
http://www.realworldlinuxsecurity.com [My book: Real World Linux Security]
http://www.cavu.com/sunset.html [Sunset Computer]
Quality Linux & UNIX security and software consulting since 1990.
GPG Public key available at http://www.cavu.com/pubkey.txt (book at cavu.com)
and at http://pgp5.ai.mit.edu/pks-commands.html#extract
pub 1024D/E3A1C540 2000-06-21 Bob Toxen <book at cavu.com>
Key fingerprint = 30BA AA0A 31DD B68B 47C9 601E 96D3 533D E3A1 C540
sub 2048g/03FFCCB9 2000-06-21
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list