On Wed, 1 Nov 2000, Tom Laurie wrote:

> I just heard how hackers were focusing on cable systems by placing "Zombie"
> programs on the computers behind the cable. 

This has been true since there have been cable modems... attackers
recognize that they make great home-bases since they have a high-speed
connection to the net, and especially in the case of Linux and other free
U*ixes, they have plenty of nice tools like C compilers, network
diagnostic utilities, etc. which can make the remote attack of a system a
lot easier.

>  If you got one of these placed on your system you wouldn't notice it,
> but your computer could be used to go out and hack other computers.  
> It is also virtually impossible to trace the Zombie program back to
> the originator.

Neither of those is necessarily true, but for the average computer user
probably so.  Linux is a powerful multi-user system, and running such a
beast connected to the Internet comes with some responsibility.  
Especially with some of the legislation that's been passed, and some
that's being discussed, it's likely that you will be able to be held
responsible for attacks that can be shown to originate from your machine.

In order to know if you have such a program running, you a) need to know
your machine, and b) should run some sort of Intrusion Detection System
(IDS).

It's important that you familiarize yourself with what processes are
running on your machine, so that you can tell at a glance when something
is running which shouldn't be.  Even to the point where, should a trojan
program disguise itself as something that's commonly found running on such
systems (like say, getty/agetty/mingetty) you notice that you have an
EXTRA copy of that program running that shouldn't be.

IDSs exist that watch for things like files being changed, unusual log
entries, etc. which will help you detect if someone has compromised your
machine.  Kenny L. will no doubt mention several...

> Does anyone know how to clean the Zombie off of their server?
> Once it is off, how can I protect against it ?

There are already some answers to this, so I'll refrain from commenting
until I review them...  Ben's usually right on top of this type of
question.


-- 
We sometimes catch a window, a glimpse of what's beyond
Was it just imagination stringing us along?
------------------------------------------------
Derek Martin          |   Unix/Linux geek
[EMAIL PROTECTED]    |   GnuPG Key ID: 81CFE75D
Retrieve my public key at http://pgp.mit.edu
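One way to act on the "know your processes" advice above, as an added example that is not part of this thread: a POSIX shell script that compares a snapshot of running command names against a baseline recorded on a known-clean system and flags any program running in more copies than expected (the extra-getty case) or not in the baseline at all. The baseline and snapshot below are constructed sample data; the `ps -eo comm=` line in the comment is how you would record a real one.

```sh
#!/bin/sh
# Added example: compare a snapshot of running process names against a
# baseline taken on a known-clean system. Flags programs running in MORE
# copies than expected and programs that are absent from the baseline.

# Baseline "name count" lines (constructed sample). On a real box record
# it with:  ps -eo comm= | sort | uniq -c | awk '{print $2, $1}'
BASELINE='crond 1
init 1
mingetty 3
sshd 1
syslogd 1'

# Constructed snapshot: one extra mingetty plus an unknown ".x11-daemon"
SNAPSHOT='init
mingetty
mingetty
mingetty
mingetty
syslogd
sshd
crond
.x11-daemon'

# count_procs LIST: newline-separated command names -> "name count" lines
count_procs() {
    printf '%s\n' "$1" | sort | uniq -c | awk '{print $2, $1}'
}

# lookup TABLE NAME: print the count recorded for NAME, or nothing
lookup() {
    printf '%s\n' "$1" | awk -v n="$2" '$1 == n { print $2 }'
}

# check_procs BASELINE SNAPSHOT: print one line per anomaly, nothing if clean
check_procs() {
    count_procs "$2" | while read -r name found; do
        expected=$(lookup "$1" "$name")
        if [ -z "$expected" ]; then
            echo "UNKNOWN $name found $found"
        elif [ "$found" -gt "$expected" ]; then
            echo "EXTRA $name expected $expected found $found"
        fi
    done
}

check_procs "$BASELINE" "$SNAPSHOT"
```

Keep the recorded baseline somewhere the machine itself cannot rewrite, since anyone able to plant a zombie can also edit a file on the same box.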



**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
