On Wed, 1 Mar 2000, M. Erickson wrote:
> On Wed, 1 Mar 2000, Fred Herman wrote:
>
> > You have been hacked. See:
> >
> > http://www.cert.org/current/current_activity.html#bind
> >
> > You need to disconnect your box. Unless you're expert, reformat the
> > hard drive and re-install. Make sure your patches are up to date. This
> > exploit is fixed by updating the bind rpm's. See:
> >
> > http://www.redhat.com/support/errata/rh61-errata-security.html
>
> No need to reformat, toss that windows paradigm aside, learn a new way of
> dealing with things like this! Just update BIND, XFS, and check through
> all your .history/.bash_history files and find out what else has been
> done.. just replace those, and you should be back in busines.
Umm thats total BS. Once a system is compromised, bypassing shell history
logging very trivial. Any library, and any binary on your system may be
patched, and it doesn't have to show up in any .bash_history
log.........or any logs for that matter.
>
> I suggest you take down inetd in the meantime, however.
>
> /me
>
>
>
>
> --
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.
>
-----------------------------------------------------
Brian Feeny (BF304) [EMAIL PROTECTED]
318-222-2638 x 109 http://www.shreve.net/~signal
Network Administrator ShreveNet Inc. (ASN 11881)
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
