[Gllug] My firewall is rooted
tet at accucard.com
Mon Jul 15 11:27:17 UTC 2002
>OK. So I ssh into the firewall (first time in a week or so) to discover loads
>of running processes ./a and a new user in my password file called dave. So
>out he goes and shut down all the processes. Passwd file was locked so I
>removed /etc/ptmp and removed the dave entry. (BTW this is an OpenBSD box)
>Rebooted the machine. First mistake.
>Now my root password doesn't work any more. SO. Do I want to even bother
>fixing this machine up or shall I just rescue my pf and nat rules, wipe the
>box and start again? Will there be a load of backdoors and other nasties on
>there now?
Yep, wipe the box and start again. For a firewall box, that's pretty
much the only option. Once it's been compromised, it's untrustworthy,
which for a firewall is pretty terminal...
Tet
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug