[ale] rootkit strike

Robert E. Karaffa, II rkaraff at emory.edu
Wed May 21 09:34:31 EDT 2003


hi folks,
    our two linux boxes, running mandrake 8.0 and 8.2, were infected(?) by
tuxkit on or about May 17.  One of the boxes looks to be a complete
installation of the rootkit, the other looks like it was interrupted (mommy
must've come home early).  I suppose it was just a matter of time before it
was our turn, durnit.  In any event, since I was about to rebuild both
boxes, it's timely that I start to work on them soon.  I've been doing some
self-educating on rootkits, and I've learned a bit about script kiddies, stuff of
which I was unaware.  I had believed in the notion that attackers were bent
on screwing up their victims' computers, just to show that they could.  But
instead, I learn that control of the victim's computer is much more
important, especially in these days of warez, kazaa, p2p, etc.  And since I
was naïve enough to NOT use enough security on our systems, I'm paying the
price.
    I'll be re-installing Mandrake 8.2 in the next few days.  Anyone wish to
advise me on security issues?  I can install Bastille, the firewall that
comes with Mandrake, and I know how to configure it.  Our problem was our
ftp servers, which have been turned off, since we are moving away from that
type of service.  However, I'm concerned about the web servers we run.
If anybody has any experience with rootkits, especially tuxkit, I'd like to
hear about it.

-Bob K.
-- 
**************************
Robert E. Karaffa, II
Technical Director
Emory University
Flow Cytometry Core Facility
954 Gatewood Dr.
Atlanta, Ga 30329
voice: 404/712-4429
e-mail: rkaraff at emory.edu
web:  http://www.emory.edu/WHSC/MED/RESEARCH/FLOWCYT/
**************************

_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale