Re: See what a weak password will get ya?
Hi,
I haven't caught the start of this thread, but how can you be sure your
core utilities have not been altered?
Do have a record of how they looked before the crack (a backup, MD5 sums
etc, AIDE,Tripwire database)?. IMO, you would really need to examine
those binaries on another box against a known equivalent clean copy or
backup/AIDE/Tripwire database before really being sure.
Awais
On Fri, 2004-07-23 at 12:23, Paul Stolp wrote:
> * Monique Y. Mudama <spam@bounceswoosh.org> [2004-07-23 00:04]:
>
> > I'd add the suggestion to not use obvious usernames like "guest" ...
>
> agree -- I will prob. replace this account name
>
> >
> > Btw, are you 100% sure they never managed to root you and replace some
> > of your files?
>
> I wasn't 100% sure I wasn't cracked when I installed, but I am sure that
> my core utilities are the same as before this attempt. This and clean
> chkrootkit are enough for me, as long as I continue to watch what's
> going on.
>
> Thanks everyone, mostly I was just venting, but hopefully this will help
> prompt anyone who knows of a potential system weakness.
>
> Paul
> --
>
Reply to: