On Wed, 28 Feb 2001, Brian Chabot wrote:
> One of my clients has an old mail server / name server / dhcp server
> / gateway  that is REALLY acting up.  This is a RedHat 6.0 machine
> running kernel 2.2.5-15.

  A lot of people have been talking about bad hardware, misconfigured kernel,
etc., etc.  While that may well be it, there is another possibility.

  The machine may have been hacked.

  There are quite a few known security holes in the configuration you are
describing, including some that allow remote root compromise.  Notable ones
include the kernel (anything prior to 2.2.16 is vulnerable, IIRC) and BIND
named.  Both have had widely available -- and very popular -- exploit kits.  
Basically, it sounds like the machine has been wide-open for some time.

  I'm not saying it is and I'm not saying it isn't; just that you might want
to consider the possibility.

-- 
Ben Scott <[EMAIL PROTECTED]>
Net Technologies, Inc. <http://www.ntisys.com>
Voice: (800)905-3049 x18   Fax: (978)499-7839

