[ale] Alas! At long last I've been hacked.

Michael D. Hirsch mhirsch at nubridges.com
Mon Feb 3 10:03:13 EST 2003


On Sunday 02 February 2003 09:47 am, Byron A Jeff wrote:
> After nearly 4 years of near continuous connection to the net via cable
> modem my Linux based internet gateway has been hacked. I found a rootkit
> and an inetd backdoor giving the attacker direct remote root access.
>
> I did a bit of cleanup (turn off all network services, locked down
> /etc/hosts.allow to prevent any access of any kind) but I'd bet that
> there's another network entrance that I probably missed.
>
> So the time is well past due to update the box and I was seeking an
> opinion or two on an appropriate package/configuration.
>
> BTW I only have minor trepidations about being rooted because I didn't
> do my part. Putting a machine out with known vulnerabilities without
> tracking security updates is an open invitation. My primary mechanism was
> limiting access points, and IMHO it worked fairly well. So no regrets.
>
> I find that I need only very limited functionality:
>
> * Basic firewalling
> * SSH accessibility to the gateway
> * SSH accessibility through the gateway to the internal network
> * Preferable if auto/simple config is available.
>
> The hardware is a PII-200 with 64M. I'm not sure if it'll CD boot but
> I'd be interested in a read only media boot solution.

Sounds like a job for IPCop--except for the RO media boot.  That would be 
LRP.  But otherwise IPCop (sourceforge) is great.  It is a fork of 
smoothwall.  It installs in 5 minutes, has a nice GUI configurator, and 
ssh access from any web browser that supports Java and SSL.

Michael
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale