[ale] Alas! At long last I've been hacked.

matty91 at bellsouth.net
Sun Feb 2 12:27:22 EST 2003




On Sun, 2 Feb 2003, Byron A Jeff wrote:

> >
> > What distro and which services were you running on the gateway?
>
> Slack 7.0 IIRC. No security updates whatsoever.

May I suggest Redhat, and an up2date script running daily? I set up my
mom's firewall like this. I also removed the majority of the software (not
just disabled the service) from the box. If the kernel is not rootable,
and there is no software on the box, it makes attacking it more difficult.

>
> I was using tcpd to limit access to a couple of spots (Tech, my father's
> machine). Too many open services (telnet, ftp, finger, ident, sendmail, apache
> with port 80 closed by ATT/Comcast)
>
> As I said before I do believe that the tradeoff between controls and risks
> was OK for the time period that the machine was sitting on the open Internet
> and the total lack of maintenance rendered.
>
> I believe I'm going to go with Jonathan's suggestion to update Slack to 8.1,
> close the unused ports, make sure that OpenSSH is up to date, and still
> limit accessibility.
>
> BAJ
>
> >
> > -Jim p.
> >
> > > -----Original Message-----
> > > From: ale-admin at ale.org [mailto:ale-admin at ale.org]On Behalf Of Byron A
> > > Jeff
> > > Sent: Sunday, February 02, 2003 9:47 AM
> > > To: ale at ale.org
> > > Subject: [ale] Alas! At long last I've been hacked.
> > >
> > >
> > > After nearly 4 years of near continuous connection to the net via cable modem,
> > > my Linux based internet gateway has been hacked. I found a rootkit and an
> > > inetd backdoor giving the attacker direct remote root access.
> > >
> > > I did a bit of cleanup (turned off all network services, locked down
> > > /etc/hosts.allow to prevent any access of any kind) but I'd bet that there's
> > > another network entrance that I probably missed.
> > >
> > > So the time is well past due to update the box and I was seeking an opinion or
> > > two on an appropriate package/configuration.
> > >
> > > BTW I only have minor trepidations about being rooted because I didn't do my
> > > part. Putting a machine out with known vulnerabilities without tracking
> > > security updates is an open invitation. My primary mechanism was limiting
> > > access points, and IMHO it worked fairly well. So no regrets.
> > >
> > > I find that I need only very limited functionality:
> > >
> > > * Basic firewalling
> > > * SSH accessibility to the gateway
> > > * SSH accessibility through the gateway to the internal network
> > > * Preferable if auto/simple config is available.
> > >
> > > The hardware is a PII-200 with 64M. I'm not sure if it'll CD boot but I'd be
> > > interested in a read only media boot solution.
> > >
> > > Looking forward to your thoughts.
> > >
> > > BAJ
> > > _______________________________________________
> > > Ale mailing list
> > > Ale at ale.org
> > > http://www.ale.org/mailman/listinfo/ale
> >
>
>
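The cleanup described in the original post (an inetd backdoor found, network services turned off, /etc/hosts.allow locked down) can be checked rather than eyeballed. The script below is an added example and is not code from the ALE thread or any of its posters: it audits an inetd.conf for entries that hand out a shell, counts what is still enabled, and checks that tcp_wrappers denies by default. The file contents are constructed samples written to a temporary directory; the service names, the /bin/sh and /bin/bash entries and the hosts.* contents are assumptions for illustration only. Run it from a boot floppy or CD (the read-only media the poster asks about), because a rootkit on the suspect box may have replaced awk, grep and the shell themselves.

```shell
#!/bin/sh
# Added example, not code from the ALE thread: audit inetd.conf and tcp_wrappers
# on a box suspected of carrying an inetd backdoor. Every path is a parameter;
# the sample files are constructed for illustration.

# Write constructed sample files into a temp directory and print its path.
# The first three services are ordinary tcpd-wrapped entries; the last two have
# the shape of a backdoor: a service name nobody uses, spawning an interactive
# root shell directly instead of a server program.
make_samples() {
  dir=$(mktemp -d)
  cat > "$dir/inetd.conf" <<'EOF'
# constructed sample inetd.conf (assumed contents, not from the original post)
ftp        stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet     stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
finger     stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
ingreslock stream  tcp  nowait  root    /bin/sh         sh -i
swat       stream  tcp  nowait  root    /bin/bash       bash -i
EOF
  printf 'sshd: 192.168.1.\n' > "$dir/hosts.allow"
  printf 'ALL: ALL\n' > "$dir/hosts.deny"
  printf '%s\n' "$dir"
}

# Print the service name of every active inetd entry whose server program is
# a shell or interpreter, or whose arguments request an interactive shell (-i).
# Field layout: service socket proto wait user server-program args...
suspicious_inetd_entries() {
  awk '!/^[ \t]*#/ && NF >= 6 {
         if ($6 ~ /\/(sh|bash|ksh|csh|perl)$/ ||
             $0 ~ /[ \t]-i([ \t]|$)/)
           print $1
       }' "$1"
}

# Count active (uncommented) inetd entries; the goal after cleanup is zero.
enabled_inetd_services() {
  awk '!/^[ \t]*#/ && NF >= 6 { n++ } END { print n + 0 }' "$1"
}

# True when the tcp_wrappers file denies everything not explicitly allowed.
# Without "ALL: ALL" in hosts.deny, tcpd lets through any service that
# hosts.allow does not mention, so a tight hosts.allow alone is not a lockdown.
deny_by_default() {
  grep -Eiq '^[ \t]*ALL[ \t]*:[ \t]*ALL' "$1"
}

# Demonstration on the constructed samples. On a real box, point these at the
# suspect filesystem mounted from clean boot media.
sample=$(make_samples)
echo "active inetd services: $(enabled_inetd_services "$sample/inetd.conf")"
echo "entries spawning a shell:"
suspicious_inetd_entries "$sample/inetd.conf"
if deny_by_default "$sample/hosts.deny"; then
  echo "hosts.deny: default deny present"
else
  echo "hosts.deny: no ALL: ALL, unlisted services are reachable"
fi
rm -rf "$sample"
```

The two flagged lines are the ones to remove outright, not just comment out; after that, the remaining count tells you how many wrapped services are still listening, which on a gateway that only needs SSH should be zero with inetd itself disabled.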