
Re: [despammed] Advice Needed On Recent Rootings



Sunday, May 25, 2003, 2:04:30 PM, Jayson Vantuyl (Jayson) wrote:

Jayson> We've had a number of hacked boxen recently.  It appears a certain
Jayson> person (Romanian we think) is specifically targeting us and our
Jayson> customers (looks like he hit a machine and found connections from others
Jayson> in their logs, went from there).

That's pretty unsettling..

Have you tried running snort?  If it's a known vulnerability it should
be able to pick it up (don't use Debian's.. it's very out of date).
You might want to try scanning your boxes with nessus too (kind of
unlikely that it would find anything, but... (don't use the Debian
version again)).

Have all of the hacked boxes been running a while without a reboot?
Someone discussed that programs running from updated libraries
would still be vulnerable until they were restarted.  For instance, if
you haven't restarted ssh or apache (if you're using ssl) since openssl
was upgraded, an openssl exploit would still work.

------------------------------------------------------
| Eddie J Schwartz <EdMcMan@[despammed.com|m00.net]> |
|  AIM: Uncaring Eyes ICQ: 35576339 YHOO: edmcman2   |
|  "We Trills have an expression -- at forty, you    |
|  think you know everything. At four hundred you    |
|  realize you know nothing." - Dax, Startrek DS9    |
------------------------------------------------------
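
The restart point above can be checked on a Linux host: a process that still maps a library whose file was replaced on disk shows that mapping as "(deleted)" in /proc/<pid>/maps. The script below is an added example, not part of the original message; the function names and the sample maps text (including the library versions in it) are constructed for illustration.

```python
import glob
import re

# /proc/<pid>/maps line: address perms offset dev inode pathname
MAPS_LINE = re.compile(r"^[0-9a-f]+-[0-9a-f]+\s+(\S{4})\s+\S+\s+\S+\s+\d+\s+(.*)$")
LIB_NAME = re.compile(r"\.so(\.[0-9A-Za-z_.-]+)?$")
DELETED = " (deleted)"

# Constructed sample (not captured from a real host): sshd after a library upgrade.
SAMPLE_MAPS = """\
08048000-080a5000 r-xp 00000000 03:01 412377 /usr/sbin/sshd
40017000-40109000 r-xp 00000000 03:01 180244 /usr/lib/libcrypto.so.0.9.6 (deleted)
40109000-40115000 rw-p 000f1000 03:01 180244 /usr/lib/libcrypto.so.0.9.6 (deleted)
40120000-40236000 r-xp 00000000 03:01 98310 /lib/libc.so.6
40240000-40250000 rw-s 00000000 00:04 0 /SYSV00000000 (deleted)
"""

def stale_libraries(maps_text):
    """Return shared libraries mapped executable whose on-disk file is gone."""
    stale = set()
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue  # anonymous mapping or malformed line
        perms, path = m.groups()
        if "x" in perms and path.endswith(DELETED):
            path = path[:-len(DELETED)]
            if LIB_NAME.search(path):
                stale.add(path)
    return sorted(stale)

def scan_proc(proc_root="/proc"):
    """Map pid -> stale libraries for every readable process (Linux only)."""
    report = {}
    for maps_path in glob.glob(f"{proc_root}/[0-9]*/maps"):
        try:
            with open(maps_path) as fh:
                stale = stale_libraries(fh.read())
        except OSError:  # process exited, or not enough privilege to read it
            continue
        if stale:
            report[int(maps_path.split("/")[-2])] = stale
    return report

if __name__ == "__main__":
    for pid, libs in sorted(scan_proc().items()):
        print(pid, "needs restart, still maps:", ", ".join(libs))
```

Run it as root so every process's maps file is readable; any daemon it lists is still executing the pre-upgrade library code until it is restarted.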



