[Gllug] My firewall is rooted
Walid Shaari
ws at melinux.com
Mon Jul 15 12:54:07 UTC 2002
On Mon, 2002-07-15 at 13:01, Stephen Harker wrote:
> On Monday 15 July 2002 12:27, tet at accucard.com wrote:
> > > OK. So I ssh into the firewall (first time in a week or so) to discover
> > > loads of running processes ./a and a new user in my password file called
> > > dave. So out he goes and shut down all the processes. Passwd file was
> > > locked so I removed /etc/ptmp and removed the dave entry. (BTW this is an
> > > OpenBSD box.) Rebooted the machine. First mistake.
> > > Now my root password doesn't work any more. So, do I want to even bother
> > > fixing this machine up or shall I just rescue my pf and nat rules, wipe
> > > the box and start again? Will there be a load of backdoors and other
> > > nasties on there now?
> >
> > Yep, wipe the box and start again. For a firewall box, that's pretty
> > much the only option. Once it's been compromised, it's untrustworthy,
> > which for a firewall is pretty terminal...
> >
> > Tet
> Well! It turns out that apparently I'm gay and that "I have been owned" and
> also that "The KREW has struck again". I take it that this is script-kiddy
> stuff. I wonder how they got in. The only thing running was sshd. Maybe they
> got in through that. All the log messages have gone :-/
> Normal service shall resume in an hour or so...
> Steve
I thought I had replied to that earlier, mmh, never mind.
Take a look at what /. said several days ago:
http://bsd.slashdot.org/article.pl?sid=02/07/13/0346209&mode=thread&tid=172
That's how you have b33n owned :)
> --
> Stephen Harker
> steve at pauken.co.uk
>
> "The sooner we fall behind, the longer we have to catch up!"
>
>
> --
> Gllug mailing list - Gllug at linux.co.uk
> http://list.ftech.net/mailman/listinfo/gllug
>