[ale] I can't seem to plug up all the security holes in my box...
- Subject: [ale] I can't seem to plug up all the security holes in my box...
- From: hirsch at zapmedia.com (hirsch at zapmedia.com)
- Date: Wed, 21 Jun 2000 09:33:03 -0400 (EDT)
>>>>> "Jim" == Jim Kinney <jkinney at teller.physics.emory.edu> writes:
Jim> You've got problems! Start by dropping to single-user mode
Jim> and from a known good source replace every binary that
Jim> touches any aspect of networking, login and logging. Make
Jim> sure you are using shadow passwords. You also need to do a
Jim> security scan for cgi scripts with holes. That is hard
Jim> work. Try using nessus from another machine to probe your
Jim> system after you bring it back to multiuser mode.
And then change all the passwords. Lots of root kits put in some sort
of trojaned login command. That may well be how this guy has broken
in. He got in once and installed the trojan. From then on he can
log in as anyone who has logged in since.
The time I was cracked I got lucky. The cracker trojaned login, but
the trojan stored the user/password file locally. I guess the plan
was to come back later and get them, but I got there first.
Best of luck,
--
------------------------
Michael D. Hirsch, Ph.D.
Software Developer
zapmedia.com
Phone: 678-420-2722 FAX: 678-420-2839
email: michael.hirsch at zapmedia.com Web: http://www.zapmedia.com
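
Two of the checks described in this thread (comparing binaries against a known good source, and confirming shadow passwords are in use), as an added example that is not part of the original messages. The function names, the manifest format (`sha256sum` output made from a known good install) and the idea of running from rescue media with the suspect disk mounted at a separate root are assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. Intended to run from trusted
# rescue media with the suspect disk mounted at ROOT, so that no binary on
# that disk is executed during the check.

# changed_binaries MANIFEST ROOT
# MANIFEST lines look like "<sha256>  /bin/login" and come from a known good
# install of the same release. Prints "MODIFIED <path>" or "MISSING <path>"
# for each entry that does not match; returns 1 if anything was printed.
changed_binaries() {
    manifest=$1
    root=$2
    rc=0
    while read -r want path || [ -n "$want" ]; do
        [ -n "$path" ] || continue
        if [ ! -f "$root$path" ]; then
            echo "MISSING $path"
            rc=1
            continue
        fi
        have=$(sha256sum < "$root$path" | cut -d' ' -f1)
        if [ "$have" != "$want" ]; then
            echo "MODIFIED $path"
            rc=1
        fi
    done < "$manifest"
    return $rc
}

# unshadowed_accounts PASSWD_FILE
# With shadow passwords in use, the password field of every passwd entry is
# "x" (or starts with "*" or "!" for a locked account). Prints the accounts
# that carry a hash or an empty password in the passwd file itself.
unshadowed_accounts() {
    awk -F: '$1 !~ /^#/ && NF >= 7 && $2 != "x" && $2 !~ /^[*!]/ { print $1 }' "$1"
}

# Usage (paths are placeholders):
#   changed_binaries /media/trusted/manifest.sha256 /mnt/suspect
#   unshadowed_accounts /mnt/suspect/etc/passwd
```

A clean result only shows that the listed files match the manifest; the password change recommended above is still needed, since credentials captured by a trojaned login stay valid after the binary is replaced.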