-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On August 3, 2004 14:02:02, Lyvim Xaphir wrote: <whack> > > I was rooted a couple weeks back, but since I was preparing to do a fresh > > install (the day it was first logged) it wasn't a big deal. I just > > formatted the drive and started over. The best part was the duplicate > > drive (USB) was clean so I didn't lose anything. > > If I was relatively a newbie and I had an alert from chkrootkit like > that I would waste no time backing up and reinstalling.
Agreed, but if it hasn't happened, yet...knowledge is power. > How did they manage to break into your box? I've never had that happen > so I'm very curious as to what avenue they pursued. > > LX For me it was once, maybe twice, but I'll never know for sure since that drive died, in the 5 years I've been playing with Mandrake. Maybe before that too but I wouldn't have known since I didn't really know _anything_ before I got serious and dumped Windows. Truth be told I still don't know much. <g> I don't know if I'd call it breakin, more an exploit of the network install, while I was doing an ftp upgrade of cooker to fix the oopsies in Alpha1. I usually test the installer at least twice on my own system and as many customer systems as I can get away with. I'll keep installing and testing but I'll be a hell of a lot more careful from here on out. That's what I get for keeping a system as my own that I built for a customer, but then he should have paid me. :) I hadn't connected the old box to act as a local mirror/file server yet and the drives in the new box were pristine/virgin. Seems it was a "man in the middle" exploit. Charlie - -- Edmonton,AB,Canada User #244963 at http://counter.li.org Mandrakelinux release 10.1 (Alpha 1) for i586 kernel 2.6.8-0.rc2.2mdk 14:36:44 up 4:43, 1 user, load average: 0.30, 0.22, 0.21 Q: What does a WASP Mom make for dinner? A: A crisp salad, a hearty soup, a lovely entree, followed by a delicious dessert. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBD/vVZqvqlrLPr5YRAtLeAJ45E8wJK1x/ZTyUlUG7XBo2w5TFagCfcuNn yKS9QJ0Mo4pCcjws8OMsL3E= =JKn4 -----END PGP SIGNATURE-----
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________