[ale] Alas! At long last I've been hacked.

Byron A Jeff byron at cc.gatech.edu
Sun Feb 2 11:42:26 EST 2003


> 
> What distro and which services were you running on the gateway?

Slack 7.0 IIRC. No security updates whatsoever.

I was using tcpd to limit access to a couple of spots (Tech, my father's 
machine). Too many open services (telnet, ftp, finger, ident, sendmail, apache
with port 80 closed by ATT/Comcast)

As I said before I do believe that the tradeoff between controls and risks
was OK for the time period that the machine was sitting on the open Internet
and the total lack of maintenance rendered.

I believe I'm going to go with Jonathan's suggestion to update Slack to 8.1,
close the unused ports, make sure that OpenSSH is up to date, and still 
limit accessibility.

BAJ

> 
> -Jim p.
> 
> > -----Original Message-----
> > From: ale-admin at ale.org [mailto:ale-admin at ale.org]On Behalf Of Byron A
> > Jeff
> > Sent: Sunday, February 02, 2003 9:47 AM
> > To: ale at ale.org
> > Subject: [ale] Alas! At long last I've been hacked.
> > 
> > 
> > After nearly 4 years of near continuous connection to the net via cable modem
> > my Linux based internet gateway has been hacked. I found a rootkit and an
> > inetd backdoor giving the attacker direct remote root access.
> > 
> > I did a bit of cleanup (turned off all network services, locked down
> > /etc/hosts.allow to prevent any access of any kind) but I'd bet that there's
> > another network entrance that I probably missed.
> > 
> > So the time is well past due to update the box and I was seeking an opinion or
> > two on an appropriate package/configuration.
> > 
> > BTW I only have minor trepidations about being rooted because I didn't do my
> > part. Putting a machine out with known vulnerabilities without tracking
> > security updates is an open invitation. My primary mechanism was limiting
> > access points, and IMHO it worked fairly well. So no regrets.
> > 
> > I find that I need only very limited functionality:
> > 
> > * Basic firewalling
> > * SSH accessibility to the gateway
> > * SSH accessibility through the gateway to the internal network
> > * Preferable if auto/simple config is available.
> > 
> > The hardware is a PII-200 with 64M. I'm not sure if it'll CD boot but I'd be
> > interested in a read only media boot solution.
> > 
> > Looking forward to your thoughts.
> > 
> > BAJ
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
> 
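As an added example (not code from the thread or from Slackware): a small POSIX sh audit of an inetd.conf along the lines of the cleanup described above. It flags enabled services outside an explicit allowlist and entries whose server program is not tcpd, since those are not governed by /etc/hosts.allow. The sample config, the service name `cmd` and its path are constructed here.

```shell
# Print the enabled (non-comment, non-blank) entries of an inetd.conf.
enabled_services() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1"
}

# Print one finding per problem. $1 = config path, $2 = space-separated
# allowlist of service names that are meant to stay reachable. An entry is
# flagged if it is not on the allowlist, or if its server program is not
# tcpd (unwrapped services ignore whatever /etc/hosts.allow permits).
audit_inetd() {
    allow=" $2 "
    # inetd.conf fields: service socket proto wait user server args...
    enabled_services "$1" |
    while read -r svc _sock _proto _wait _user server _args; do
        case "$allow" in
            *" $svc "*) ;;
            *) echo "UNEXPECTED service=$svc server=$server" ;;
        esac
        case "$server" in
            */tcpd) ;;
            *) echo "UNWRAPPED  service=$svc server=$server" ;;
        esac
    done
}

# Number of findings; 0 means every enabled service is expected and wrapped.
audit_findings() {
    audit_inetd "$1" "$2" | awk 'END { print NR }'
}

# Constructed sample resembling the box in the thread: telnet, finger, auth
# and ssh enabled, plus one entry (name and path invented here) of the kind
# an intruder leaves behind. Written to a temp file so the example runs alone.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
# /etc/inetd.conf (constructed sample)
#ftp    stream tcp nowait root   /usr/sbin/tcpd       in.ftpd
telnet  stream tcp nowait root   /usr/sbin/tcpd       in.telnetd
finger  stream tcp nowait nobody /usr/sbin/tcpd       in.fingerd
auth    stream tcp nowait nobody /usr/sbin/in.identd  in.identd -w -t120
ssh     stream tcp nowait root   /usr/sbin/tcpd       sshd -i
cmd     stream tcp nowait root   /usr/lib/.sys/srv    srv
EOF

# Allowlist matching the poster's plan (ssh only): 6 findings, 4 unexpected
# services and 2 unwrapped ones.
audit_inetd "$SAMPLE_CONF" "ssh"
echo "findings: $(audit_findings "$SAMPLE_CONF" "ssh")"
```

Run it against the real /etc/inetd.conf with the allowlist reduced to what the gateway is meant to serve; anything reported is either a service to comment out or an entry to investigate.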
