So is no one else using this software for Linux?
It is not clear, but it appears that it shuts down the port, but NOT the service SSH. WHY NOT? Their site is horrid for explanations. Plus, there is not a deny all option after you explicitly detail all your open ports. I hate this thing...
-----Original Message-----
From: Tony Rall [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 19, 2002 5:38 PM
To: [EMAIL PROTECTED]
Subject: Re: Netmax
On Tuesday, 2002/03/19 at 18:16 EST, "Truman Boyes"
<[EMAIL PROTECTED]> wrote:
> In the true sense of the word,
> *nothing* can be trusted after a compromise.
There's been some real good advice in this thread. I was worried someone
would post instructions on how to track down the ssh intruder. While
that's something nice to know, it's irrelevant in this case.
Even if it appears to have been a well understood attacking agent, it
would be unsafe to just repair the bits that that agent is known to hit.
And when reinstalling, ensure that you use distribution media that was
offline or read-only when the intruder may have been present.
Tony Rall
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
