On Sun, May 25, 2003 at 02:35:32PM -0400, Ed McMan wrote: > Sunday, May 25, 2003, 2:04:30 PM, Jayson Vantuyl (Jayson) wrote: > > Jayson> We've had a number of hacked boxen recently. It appears a certain > Jayson> person (Romanian we think) is specifically targeting us and our > Jayson> customers (looks like he hit a machine and found connections from others > Jayson> in their logs, went from there). > > That's pretty unsettling.. > > Have you tried running snort? If its a known vulnerability it should > be able to pick it up (don't use Debian's.. it's very out of date). Err... packages.debian.org/snort shows unstable/testing provide 2.0.0, which is quite recent. It can easily be backported to stable. > You might want to try scanning your boxes with nessus too (kind of > unlikely that it would find anything, but... (don't use debian version > again)). Why not? http://packages.debian.org/nessus Shows unstable/testing provide 2.0.5 (2.0.6 is out and will be in the archive soon). Backporting it is really easy and you can find backported packages (for older versions) at http://people.debian.org/~jfs/nessus/ So, maybe you meant do not use versions in _stable_ (see #183524) Regards Javi
Attachment:
pgpFujyJa5qDV.pgp
Description: PGP signature