[ale] Alas! At long last I've been hacked.
Byron A Jeff
byron at cc.gatech.edu
Sun Feb  2 11:21:57 EST 2003

> 
> Byron A Jeff said:
> > After nearly 4 years of near continuous connection to the net via cable
> > modem my Linux-based internet gateway has been hacked. I found a rootkit
> > and an inetd backdoor giving the attacker direct remote root access.
> 
> Byron,
> 
> Could you share how you discovered the rootkit?  I'd be interested in
> hearing how you stumbled across it.

Simple. I couldn't log in. So after bringing up the machine in single user
I checked the date of the login program and it indicated that it had been
updated in the last few days. Since the machine was installed almost 4
years ago, that was a big red flag.

It turns out they weren't very tidy. The rootkit was right in the /bin directory
and the inetd entry right at the bottom of the /etc/inetd.conf file.

The truth of the matter was that I didn't use the machine very often; if they
had left the ability for me to continue to log in, I probably wouldn't have
found it at all.

BAJ
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
    
    