
Re: HELP I've been cracked



On Sun, 10 Feb 2002, Tina Embrey wrote:
> My Debian 2.2 Potato and Woody Servers have been attacked by a cracker who
> has installed a 'root kit' and broke ps and several other core components
> of the OS.

Well, I hope you had backups of all the data on those servers, because you
will have to reinstall them from scratch, and that includes booting from RO
media (a cdrom, or floppy diskette).  And wiping all the HDs clean.  You
could try not to wipe out data partitions, but then you had better be really
sure nothing weird gets left behind...

> The cracker got in via BIND.  Is there a more secure DNS package available
> on Debian Linux ?

Debian's default BIND install is very insecure. The alternatives to BIND are
not nearly as functional, so it really depends on what tasks your DNS
servers perform...

OTOH, even Debian's default "oh please hack me" BIND install (running that
stuff as root, unchrooted) is safe enough if you apply the security updates
very promptly (which means no more than a few hours after they are issued
IMHO ;-) ).

> Is there any way to fix the broken apps, and get the system secured again ?

None that are worth the risk. A full reinstall is the only alternative we
could recommend in good faith. Everything else is not 100% guaranteed.

> Do you have a HowTo for implementing ipchains or iptables on Debian Linux ?

Yep, the ipchains howto is installed along with many others if you install
the doc-linux-* packages. Please also check out the 'ipmasq' or any of the
other firewall-building packages.

> Are there any tools available as packages for Configuring Firewalls on
> Debian Linux ?

Many of them. Search the package base using http://packages.debian.org and
you will find quite a lot.

Please look for the security Debian howto at:
http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh


