Re: hacked, then intrusion detection system

To: <mgriffa@fibertel.com.ar>
Cc: <debian-user@lists.debian.org>
Subject: Re: hacked, then intrusion detection system
From: John Hasler <john@dhh.gt.org>
Date: 03 Feb 2001 16:41:58 -0600
Message-id: <[🔎] 87elxfs821.fsf@toncho.dhh.gt.org>
In-reply-to: <mgriffa@fibertel.com.ar>'s message of "Sat, 3 Feb 2001 19:02:08 -0300 (ART)"
References: <[🔎] Pine.LNX.4.30.0102031858150.1318-100000@marla.juncal.org>

mgriffa writes:
> I just realized that someone entered my debian box with cablemodem. I
> couldn't find anything in the logs,...

Thereby demonstrating that the author of the script your script-kiddie used
is not incompetent.

> ...but the pump package was deleted.

Why do you consider this proof that you were cracked?

> I'd like to hear about any advices...

If you really were cracked (that's _cracked_, not hacked) you must
reinstall _immediately_.  It is impossible to clean up safely after a
break-in.  You must also install all security updates and keep them up to
date.
-- 
John Hasler
john@dhh.gt.org
Dancing Horse Hill
Elmwood, Wisconsin

Reply to:

Follow-Ups:
- Re: hacked, then intrusion detection system
  - From: <mgriffa@fibertel.com.ar>

References:
- hacked, then intrusion detection system
  - From: <mgriffa@fibertel.com.ar>

Prev by Date: Re: Can't use all 256M of ram!!
Next by Date: Re: attempting to set correct options for my sound card for Soundblaster 16 PCI W
Previous by thread: Re: hacked, then intrusion detection system
Next by thread: Re: hacked, then intrusion detection system
Index(es):
- Date
- Thread