[Gllug] My firewall is rooted
Stephen Harker
steve at pauken.co.uk
Mon Jul 15 16:40:25 UTC 2002
On Monday 15 July 2002 14:43, John HEARNS wrote:
> >
> > Which doesn't make it much of a firewall anymore :-(
> > CRAP!!
>
> As Huw says, a good learning experience.
>
> How about bringing the rogue disk along to a meeting?
> We can keep it in a cage and poke sticks at it.
>
> Seriously though - how about a writeup, and maybe
> a short talk?
>
> * this is how I discovered that there was a compromise
>
> * steps I took to immediately recover
>
> * forensic traces
>
> * tools you might use
>
> * etc
I suppose I could do this. But I'll see how much time I have :-)
I'm going redo it all again tonight and see how far I get. I might make a tar
file of the system disk before I reformat it so I can have a poke arounf
later. Or just replace the disk... I'll let you know.
I am pretty sure it was ssh as I HADN'T patched it. SHAME SHAME. I admit it!!
I am a slack administrator!! Its out in the open. These are my undies for all
to see...
--
Stephen Harker
steve at pauken.co.uk
"The sooner we fall behind, the longer we have to catch up!"
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list