[Gllug] My firewall is rooted

Stephen Harker steve at pauken.co.uk
Mon Jul 15 11:20:05 UTC 2002


OK. So I ssh into the firewall (first time in a week or so) to discover loads 
of running processes ./a and a new user in my password file called dave. So 
out he goes and shutdown all the processes. Passwd file was locked so I 
removed /etc/ptmp and removed the dave entry. (BTW this is an OpenBSD box)
Rebooted the machine. First mistake.
Now my root password doesn't work any more. SO. Do I want to even bother 
fixing this machine up or shall I just rescue my pf and nat rules, wipe the 
box and start again? Will there be a load of backdoors and other nasties on 
there now? 
Steve
-- 
Stephen Harker
steve at pauken.co.uk

"The sooner we fall behind, the longer we have to catch up!"


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug




More information about the GLLUG mailing list