[Gllug] My firewall is rooted

Adam Bower abower at thebowery.co.uk
Mon Jul 15 13:03:53 UTC 2002


On Mon, Jul 15, 2002 at 01:01:37PM +0100, Stephen Harker wrote:
> Well! It turns out that apparently I'm gay and that "I have been owned " and 
> also that "The KREW has struck again". I take it that this is script-kiddy 
> stuff. I wonder how they got in. The only thing running was sshd. maybe they 
> got in through that. All the log messages have gone :-/
> Normal service shall resume in an hour or so...
> Steve

you did patch/update the ssh against the bad security hole that was recently in
the news? if not then that is most certainly how they got in (or your firewall
rules are not 100% watertight and there is another service running on the box)

basically when you reinstall make sure you have all the patches etc. downloaded
to a "good" machine and check md5sums before installing them and make sure you
don't connect your rebuilt box to the net until all the holes are patched.

you could get r00ted while you are downloading updates etc. and that would not
be a good thing.

Adam
-- 
"Step away from the Cathedral, This Bazaar is loaded"
jabberid = quinophex at jabber.earth.li


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug




More information about the GLLUG mailing list