On Thu, 7 Sep 2000, Matt Fahrner wrote:
> I do understand that, I wasn't trying to imply anything about anyone's
> responsibility as it's obviously our own to secure our own boxes. What
> I'm trying to find out is if there was one particular hole that was used
> to insert the trojan or, as you suggest, the trojans were inserted
> through numerous holes. Incidentally we do not believe we have the
> trojan, we just want to make sure we won't.
>
> All the press is about the "trojan" itself, not about the more important
> issue (in my opinion), of how the trojan got on the systems. If it is
> numerous holes then we'll catch them (hopefully) in our standard
> security procedures and updates. If it is a singular new hole I really
> want to know what it specifically is. Regardless I think more press
> needs to be put on how to avoid future trojans rather than how to
> specifically kill this one. If the door is left open more pests will
> come in.
lsof will show open file descirptors and sockets. that combined with
netstat -tan will show you what ports are being listened to. you can then
close them down by killing the approprate services.
Also get familiar with ipchains and use that to close your system down
even tighter.
Alvin Starr || voice: (416)585-9971
Interlink Connectivity || fax: (416)585-9974
[EMAIL PROTECTED] ||
_______________________________________________
Redhat-devel-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-devel-list
