At 07:24 AM 11/1/2000 -0500, Tom Laurie wrote:
install AIDE - its on freshmeat. i did....and it's helped me a lot...there
are a log of files modified in a day.......then i wrote a hack script for
cron.daily to have it run every day and mail the results to me......
its a replacement for tripwire that does thing that tripwire didn't think
of.....well worth the compile time... :-)
~kurth
>I just heard how hackers were focusing on cable systems by placing
>"Zombie" programs on the computers behind the cable. If you got one of
>these placed on your system you wouldn't notice it, but your computer
>could be used to go out and hack other computers. It is also virtually
>impossible to trace the Zombie program back to the originator.
>
>I've helped a little with other gnhlug members to set up Concord
>Christian's Linux box connected to their Mediaone cable running
>IPChains. They got a call from ATT Broadband yesterday saying that their
>computer was being used to hack into other computers and sure enough, when
>you reboot their server it says Zombie at some point.
>
>Does anyone know how to clean the Zombie off of their server?
>
>
>Once it is off, how can I protect against it ?
>
>
>Tom Laurie
>NH Office of Emergency Management
>Systems Manager
>603 223-3617
Kurth Bemis - Network/Systems Administrator, USAExpress.net/Ozone Computer
There is no sin except stupidity. -- Oscar Wilde
[EMAIL PROTECTED] | http://www.usaexpress.net/kurth
PGP key available - http://www.usaexpress.net/kurth/pgp
Fight Weak Encryption! Donate your wasted CPU cycles to Distributed.net
(http://www.distributed.net)
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************