[Gllug] My firewall is rooted

Stephen Harker steve at pauken.co.uk
Mon Jul 15 16:40:25 UTC 2002

On Monday 15 July 2002 14:43, John HEARNS wrote:
> >
> > Which doesn't make it much of a firewall anymore :-(
> > CRAP!!
> As Huw says, a good learning experience.
> How about bringing the rogue disk along to a meeting?
> We can keep it in a cage and poke sticks at it.
> Seriously though - how about a writeup, and maybe
> a short talk?
> * this is how I discovered that there was a compromise
> * steps I took to immediately recover
> * forensic traces
> * tools you might use
> * etc
I suppose I could do this. But I'll see how much time I have :-)
I'm going redo it all again tonight and see how far I get. I might make a tar 
file of the system disk before I reformat it so I can have a poke arounf 
later. Or just replace the disk... I'll let you know.
I am pretty sure it was ssh as I HADN'T patched it. SHAME SHAME. I admit it!! 
I am a slack administrator!! Its out in the open. These are my undies for all 
to see...
Stephen Harker
steve at pauken.co.uk

"The sooner we fall behind, the longer we have to catch up!"

Gllug mailing list  -  Gllug at linux.co.uk

More information about the GLLUG mailing list