[ale] Alas! At long last I've been hacked.

Jim Popovitch jpopovitch at att.net
Sun Feb 2 11:21:16 EST 2003


What distro and which services were you running on the gateway?

-Jim p.

> -----Original Message-----
> From: ale-admin at ale.org [mailto:ale-admin at ale.org] On Behalf Of Byron A Jeff
> Sent: Sunday, February 02, 2003 9:47 AM
> To: ale at ale.org
> Subject: [ale] Alas! At long last I've been hacked.
> 
> 
> After nearly 4 years of near continuous connection to the net via cable modem
> my Linux based internet gateway has been hacked. I found a rootkit and an
> inetd backdoor giving the attacker direct remote root access.
> 
> I did a bit of cleanup (turn off all network services, locked down
> /etc/hosts.allow to prevent any access of any kind) but I'd bet that there's
> another network entrance that I probably missed.
> 
> So the time is well past due to update the box and I was seeking an opinion or
> two on an appropriate package/configuration.
> 
> BTW I only have minor trepidations about being rooted because I didn't do my
> part. Putting a machine out with known vulnerabilities without tracking
> security updates is an open invitation. My primary mechanism was limiting
> access points, and IMHO it worked fairly well. So no regrets.
> 
> I find that I need only very limited functionality:
> 
> * Basic firewalling
> * SSH accessibility to the gateway
> * SSH accessibility through the gateway to the internal network
> * Preferable if auto/simple config is available.
> 
> The hardware is a PII-200 with 64M. I'm not sure if it'll CD boot but I'd be
> interested in a read only media boot solution.
> 
> Looking forward to your thoughts.
> 
> BAJ
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale