
Re: sorry for the wide question but

Previously Allen Ahoffman wrote:
> We have a system which was hacked.

Cracked you mean.

> We know the guy replaced netstat, ls, ps, and some other stuff, set up
> camp in /tmp, uses a hacked telnetd on a higher port, and gains root
> access, but we are looking for the hacks that get people in without
> passwords to start with.

Sounds like a standard simple rootkit.

> e.g.
> named hack I knew about not running named
> might be nfs hack
> it's kernel 2.0.12 on the machine.

Kernel 2.0.12 suggests a machine that hasn't been upgraded in quite some
time; since the time that kernel was released a large number of security
problems have been identified and fixed. You can check any archive with
security advisories for a list of them.

> p.s. any progress on the qmail license issues fronts?

No, and none is expected: DJB is not going to change his license, and we
are not going to change our opinions on what constitutes free software.
There are, however, good alternatives to qmail, such as Postfix.


 /       Nothing is fool-proof to a sufficiently talented fool     \
| wichert@wiggy.net                   http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |
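
Added example, not part of the original message: when ls, ps and netstat have been replaced, one way to find what else was swapped is to hash the suspect filesystem against a known-good manifest using a trusted hasher, and to list executables left under /tmp. The function names, the HASHER variable and the manifest layout are assumptions made for this sketch.

```shell
#!/bin/sh
# Assumption: HASHER is a trusted sha256sum (for example a static copy on
# read-only rescue media); the suspect host's own tools may be replaced.
HASHER="${HASHER:-sha256sum}"

# check_manifest MANIFEST [ROOT]
# MANIFEST holds "<sha256>  <absolute path>" lines recorded from a known-good
# install of the same release. ROOT is where the suspect filesystem is mounted
# (empty when checking in place). Returns 1 if any file is missing or differs.
check_manifest() {
    manifest=$1
    root=${2:-}
    bad=0
    while read -r want path; do
        [ -n "$path" ] || continue          # skip blank or malformed lines
        if [ ! -f "$root$path" ]; then
            echo "MISSING  $path"; bad=1; continue
        fi
        got=$("$HASHER" < "$root$path" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $path"
        else
            echo "MODIFIED $path"; bad=1
        fi
    done < "$manifest"
    return "$bad"
}

# tmp_executables [ROOT]
# Lists regular files under ROOT/tmp with any execute bit set, dotfiles included.
tmp_executables() {
    find "${1:-}/tmp" -xdev -type f \
        \( -perm -100 -o -perm -010 -o -perm -001 \) -print
}
```

Run it from rescue media with the suspect disk mounted read-only, for example `check_manifest good.sha256 /mnt`, so that neither the kernel nor the tools doing the checking come from the compromised install.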
