[ale] Hacked

Mike Kachline kachline at cc.gatech.edu
Mon Dec 7 11:13:08 EST 1998


On Mon, 7 Dec 1998, Matthew Brown wrote:

> 1.    Does anyone know what the 'wheel' group is for?  Might this have been
> installed as an initial system user?
	Though I still don't know exactly which services use the "wheel" 
group, I do know that it is a suid group. I think some versions of lpd use
 (or used) it. 


> 2.    Can anyone tell me how I might've been hacked through IMAPD?
<snip>
	Take a look at: http://www.cert.org/advisories/. I do know that
you are probably not the only one who got hacked. Both of the Linux boxes
which I manage had several imapd attacks attempted on them by various
sites within the past week or so. Apparently some new imapd attack has
been quite popular.


							Good luck,
								- Mike
============================================================================
Michael Kachline - CS, Georgia Tech
kachline at cc.gatech.edu
http://brightstar.gt.ed.net/kachline/
============================================================================






More information about the Ale mailing list