[ale] Alas! At long last I've been hacked.
- From: byron at cc.gatech.edu (Byron A Jeff)
- Date: Sun, 2 Feb 2003 09:47:26 -0500 (EST)

After nearly 4 years of near continuous connection to the net via cable modem
my Linux based internet gateway has been hacked. I found a rootkit and an
inetd backdoor giving the attacker direct remote root access.

I did a bit of cleanup (turned off all network services, locked down
/etc/hosts.allow to prevent any access of any kind) but I'd bet that there's
another network entrance that I probably missed.

So the time is well past due to update the box and I was seeking an opinion or
two on an appropriate package/configuration.

BTW I only have minor trepidations about being rooted because I didn't do my
part. Putting a machine out with known vulnerabilities without tracking
security updates is an open invitation. My primary mechanism was limiting
access points, and IMHO it worked fairly well. So no regrets.

I find that I need only very limited functionality:

* Basic firewalling
* SSH accessibility to the gateway
* SSH accessibility through the gateway to the internal network
* Preferable if auto/simple config is available.

The hardware is a PII-200 with 64M. I'm not sure if it'll CD boot but I'd be
interested in a read only media boot solution.

Looking forward to your thoughts.

BAJ