[Gllug] My firewall is rooted

Stephen Harker steve at pauken.co.uk
Mon Jul 15 16:40:25 UTC 2002


On Monday 15 July 2002 14:43, John HEARNS wrote:
> >
> > Which doesn't make it much of a firewall anymore :-(
> > CRAP!!
>
> As Huw says, a good learning experience.
>
> How about bringing the rogue disk along to a meeting?
> We can keep it in a cage and poke sticks at it.
>
> Seriously though - how about a writeup, and maybe
> a short talk?
>
> * this is how I discovered that there was a compromise
>
> * steps I took to immediately recover
>
> * forensic traces
>
> * tools you might use
>
> * etc
I suppose I could do this. But I'll see how much time I have :-)
I'm going redo it all again tonight and see how far I get. I might make a tar 
file of the system disk before I reformat it so I can have a poke arounf 
later. Or just replace the disk... I'll let you know.
I am pretty sure it was ssh as I HADN'T patched it. SHAME SHAME. I admit it!! 
I am a slack administrator!! Its out in the open. These are my undies for all 
to see...
-- 
Stephen Harker
steve at pauken.co.uk

"The sooner we fall behind, the longer we have to catch up!"


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug




More information about the GLLUG mailing list