
[linux-help] Re: recent hacks

To: <linux-help@xxxxxxxxx>
Subject: [linux-help] Re: recent hacks
From: "John Alexander" <johnalexander@xxxxxxxxxxx>
Date: Mon, 21 May 2001 09:13:45 -0500
Reply-to: linux-help@xxxxxxxxx

I was running a bare butt RedHat 6.2, with almost no updates. It was a
server that I got "just how I wanted it", and didn't want to mess anything
up.  I have since changed my tune, and am now aggressively following up on
applying updates, or just updating all of my machines to the latest and
greatest distro, with some minor modifications. I now have portsentry
configured to scan for the ports that these people are reported to use on a
couple of machines, and then in 'beartrap mode' on a couple others. It's
amazing to sit there and watch your route table grow as people get kicked out
for scanning your machine. I also am experimenting with tripwire to track
file changes.
The one thing that really bothers me is that according to the whitehats web
page, they use a bind exploit that can only be exploited if you run named as
root. I didn't think I was, 'cause the default for RedHat is to run named as
user named. Oh, well.

ja

-----Original Message-----
From: linux-help-bounce@xxxxxxxxx [mailto:linux-help-bounce@xxxxxxxxx] On
Behalf Of Benjamin F. Bunck
Sent: Monday, May 21, 2001 8:44 AM
To: linux-help@xxxxxxxxx
Subject: [linux-help] recent hacks



Several ACLUG mailing list members have posted recently that they have been
hacked.  Have any of you guys figured out how your machines were exploited?
I'd be very interested to know what distros you guys are using and what
services you had running on the machines that were hacked.  Also, what
firewall measures had you implemented?

Ben
-- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi

