[ale] Alas! At long last I've been hacked.
Jim Popovitch
jpopovitch at att.net
Sun Feb 2 11:21:16 EST 2003
What distro and which services were you running on the gateway?
-Jim p.
> -----Original Message-----
> From: ale-admin at ale.org [mailto:ale-admin at ale.org]On Behalf Of Byron A Jeff
> Sent: Sunday, February 02, 2003 9:47 AM
> To: ale at ale.org
> Subject: [ale] Alas! At long last I've been hacked.
>
>
> After nearly 4 years of near continuous connection to the net via cable modem
> my Linux based internet gateway has been hacked. I found a rootkit and an
> inetd backdoor giving the attacker direct remote root access.
>
> I did a bit of cleanup (turned off all network services, locked down
> /etc/hosts.allow to prevent any access of any kind) but I'd bet that there's
> another network entrance that I probably missed.
>
> So the time is well past due to update the box and I was seeking an opinion or
> two on an appropriate package/configuration.
>
> BTW I only have minor trepidations about being rooted because I didn't do my
> part. Putting a machine out with known vulnerabilities without tracking
> security updates is an open invitation. My primary mechanism was limiting
> access points, and IMHO it worked fairly well. So no regrets.
>
> I find that I need only very limited functionality:
>
> * Basic firewalling
> * SSH accessibility to the gateway
> * SSH accessibility through the gateway to the internal network
> * Preferable if auto/simple config is available.
>
> The hardware is a PII-200 with 64M. I'm not sure if it'll CD boot but I'd be
> interested in a read only media boot solution.
>
> Looking forward to your thoughts.
>
> BAJ
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale