Complete.Org: Mailing Lists: Archives: linux-help: May 2001:
[linux-help] Re: recent hacks

To: <linux-help@xxxxxxxxx>
Subject: [linux-help] Re: recent hacks
From: "Overlord Q" <overlord_q@xxxxxxxxxxx>
Date: Mon, 21 May 2001 15:19:41 -0500
Reply-to: linux-help@xxxxxxxxx

By no updates, did you mean security patches too?

----- Original Message -----
From: "John Alexander" <johnalexander@xxxxxxxxxxx>
To: <linux-help@xxxxxxxxx>
Sent: Monday, May 21, 2001 9:13 AM
Subject: [linux-help] Re: recent hacks


> I was running a bare butt RedHat 6.2, with almost no updates. It was a
> server that I got "just how I wanted it", and didn't want to mess anything
> up.  I have since changed my tune, and am now aggressively following up on
> applying updates, or just updating all of my machines to the latest and
> greatest distro, with some minor modifications. I now have portsentry
> configured to scan for the ports that these people are reported to use on a
> couple of machines, and then in 'beartrap mode' on a couple others. It's
> amazing to sit there and watch your route table grow as people get kicked out
> for scanning your machine. I also am experimenting with tripwire to track
> file changes.
> The one thing that really bothers me, is that according to the whitehats web
> page, they use a bind exploit that can only be exploited if you run named as
> root. I didn't think I was, 'cause the default for RedHat is to run named as
> user named. Oh, well.
>
> ja
>
> -----Original Message-----
> From: linux-help-bounce@xxxxxxxxx [mailto:linux-help-bounce@xxxxxxxxx]On
> Behalf Of Benjamin F.Bunck
> Sent: Monday, May 21, 2001 8:44 AM
> To: linux-help@xxxxxxxxx
> Subject: [linux-help] recent hacks
>
>
>
> Several ACLUG mailing list members have posted recently that they have been
> hacked.  Have any of you guys figured out how your machines were exploited?
> I'd be very interested to know what distros you guys are using and what
> services you had running on the machines that were hacked.  Also, what
> firewall measures had you implemented?
>
> Ben
> -- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
> visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi