[ale] Alas! At long last I've been hacked.

Byron A Jeff byron at cc.gatech.edu
Sun Feb 2 09:47:26 EST 2003


After nearly 4 years of near continuous connection to the net via cable modem
my Linux-based internet gateway has been hacked. I found a rootkit and an
inetd backdoor giving the attacker direct remote root access.

I did a bit of cleanup (turned off all network services, locked down
/etc/hosts.allow to prevent any access of any kind) but I'd bet that there's
another network entrance that I probably missed.

So the time is well past due to update the box and I was seeking an opinion or
two on an appropriate package/configuration.

BTW I only have minor trepidations about being rooted because I didn't do my
part. Putting a machine out with known vulnerabilities without tracking
security updates is an open invitation. My primary mechanism was limiting
access points, and IMHO it worked fairly well. So no regrets.

I find that I need only very limited functionality:

* Basic firewalling
* SSH accessibility to the gateway
* SSH accessibility through the gateway to the internal network
* Preferable if auto/simple config is available.

The hardware is a PII-200 with 64M. I'm not sure if it'll CD boot but I'd be
interested in a read only media boot solution.

Looking forward to your thoughts.

BAJ
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale