Re: I've been hacked by DevilSoul

To: "Alvin Oga" <aoga@Maggie.Linux-Consulting.com>
Cc: <debian-security@lists.debian.org>
Subject: Re: I've been hacked by DevilSoul
From: "Alan Aldrich" <alanaldrich@attbi.com>
Date: Sat, 12 Jan 2002 10:03:17 -0800
Message-id: <[🔎] 001501c19b93$698f2090$1033f60c@netbandit>
References: <[🔎] Pine.LNX.3.96.1020110201347.30375A-100000@Maggie.Linux-Consulting.com>

Thanks to all who responded.
The DevilSoul rootkit was a nasty one which planted a man-in-the-middle
attack on my debian linux box. Apparently I was not secure enough or
watchful enough , as the intruder was able to install a kit on my root drive
which installed new versions of telnetd, passwd, ifconfig, ps, top, ssh, and
started evesdropping on my ssh and authentication logins.
Of course I took it off the net and had to rebuild the whole system, and now
I am not allowing ssh, rsh, telnet or ANY logins. It is not a machine that
needs logins anyway, all it does is VPN proxy and authentication on certain
ports. Anyway.. watch out for it. It puts a directory with all of the setup
programs in /dvsrk

Thanks again all

alan

Reply to:

Follow-Ups:
- Re: I've been hacked by DevilSoul
  - From: "Will Wesley, CCNA" <willwesleyccna@yahoo.de>

References:
- Re: I've been hacked by DevilSoul
  - From: Alvin Oga <aoga@Maggie.Linux-Consulting.com>

Prev by Date: Re: How can I change my domainname on my server
Next by Date: Re: I've been hacked by DevilSoul - confusion
Previous by thread: Re: I've been hacked by DevilSoul
Next by thread: Re: I've been hacked by DevilSoul
Index(es):
- Date
- Thread