
Re: Advice Needed On Recent Rootings



Hi Jason, hi all

> Server machines, no real desktop users.  One of these was a firewall
> that pretty much only had SSH listening.  *IF* it was hacked directly
> (rather than being compromised with a sniff'd password), then we've got
> something to target.  The timestamps don't support much of anything,
> since we don't really have many logs left (he's stupid, but not
> st00p1d).  Our logging infrastructure is . . . improving.  Also, we're
> implementing grsecurity.  I've been very impressed so far (and suspect
> 2.0 will be even better when it's stable).

How about an iptables script that writes its logs to another machine?
And at the same time the script should filter traffic from one server to
another...

Another point I would check is if all your _desktop_ computers are
yours. He might have hacked one just to get better access to your server
machines.

Just my 2€

Marc
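
The suggestion above, sketched as an added example that is not part of Marc's message: a shell function that emits an iptables-restore ruleset allowing only listed server-to-server flows and logging anything else from the server subnet, plus the syslog.conf line that forwards kernel (netfilter LOG) messages to a separate log host. All addresses, the allow-list and the log prefixes are constructed placeholders.

```shell
#!/bin/sh
# Added example; every value below is a constructed placeholder.
SERVER_NET="192.0.2.0/24"   # assumed: subnet that holds the server machines
LOGHOST="192.0.2.10"        # assumed: separate machine that collects the logs
# assumed allow-list of server-to-server flows, written "source:tcp-port"
ALLOWED_FLOWS="192.0.2.20:22 192.0.2.30:5432"

# Emit an iptables-restore ruleset for one server.
# Validate before loading:  gen_ruleset | iptables-restore --test
gen_ruleset() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Only the listed flows may open new connections to this server.
    for flow in $ALLOWED_FLOWS; do
        src=${flow%%:*}
        port=${flow##*:}
        echo "-A INPUT -s $src -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Any other traffic from a fellow server is unexpected: log it
    # (rate-limited so a flood cannot fill the log), then drop it.
    echo "-A INPUT -s $SERVER_NET -m limit --limit 10/min -j LOG --log-prefix \"SRV2SRV-DENY: \" --log-level 4"
    echo "-A INPUT -s $SERVER_NET -j DROP"
    # Everything else is logged and then dropped by the chain policy.
    echo "-A INPUT -m limit --limit 10/min -j LOG --log-prefix \"IN-DENY: \" --log-level 4"
    echo "COMMIT"
}

# The LOG target writes through the kernel log facility; this syslog.conf
# line sends those messages to the log host (UDP) so they exist off-box.
gen_syslog_line() {
    printf 'kern.*\t@%s\n' "$LOGHOST"
}
```

Because the denied-traffic records leave the machine as they are written, wiping local logs after a compromise does not remove them.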


