Hi =)

>
> On Wed, 1 Mar 2000, Fred Herman wrote:
>
> > You have been hacked.  See:
> >
> > http://www.cert.org/current/current_activity.html#bind
> >
> > You need to disconnect your box.  Unless you're expert, reformat the
> > hard drive and re-install.  Make sure your patches are up to date.  This
> > exploit is fixed by updating the bind rpm's.  See:
> >
> > http://www.redhat.com/support/errata/rh61-errata-security.html
>
> No need to reformat, toss that windows paradigm aside, learn a new way of
> dealing with things like this! Just update BIND, XFS, and check through
> all your .history/.bash_history files and find out what else has been
> done.. just replace those, and you should be back in business.
>
> I suggest you take down inetd in the meantime, however.

From everyone's advice, I found that the hacker had replaced the login
binaries and was having passwords stored in /dev/ttypx.  Several programs
had been modified as well.  Everything has been fixed / updated and
passwords changed.  Now I'm moving forward to setting up a firewall and
all that fun stuff =)

Thanks for all of the help so far =)  Any recommendations on which firewall
to go with?

-Ed
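
Added example, not part of the original thread: a check for the kind of artifact described above, a regular file sitting among the device nodes (such as the /dev/ttypx password log). The function names, the MAKEDEV allowance and the skipped shm/mqueue directories are assumptions made for this sketch.

```shell
#!/bin/sh
# Device directories should hold character/block specials, links and
# directories. A regular file named like a tty is a classic hiding place
# for captured credentials, so list every regular file found there.

# scan_dev [DIR] -> prints one path per regular file found, sorted
scan_dev() {
    dev_root=${1:-/dev}
    dev_root=${dev_root%/}      # normalise a trailing slash
    # Assumption: MAKEDEV is the only regular file expected in /dev on an
    # older distribution; shm and mqueue are memory-backed mounts on newer
    # systems and legitimately contain regular files, so they are pruned.
    find "$dev_root" \
        \( -path "$dev_root/shm" -o -path "$dev_root/mqueue" \) -prune -o \
        -type f ! -name MAKEDEV -print 2>/dev/null | sort
}

# count_suspicious [DIR] -> number of regular files scan_dev reports
count_suspicious() {
    scan_dev "$1" | awk 'END { print NR }'
}

# report_dev [DIR] -> long listing (owner, size, mtime) of each hit,
# useful for correlating the file's timestamps with the intrusion window
report_dev() {
    scan_dev "$1" | while IFS= read -r f; do
        ls -ld "$f"
    done
}

# Typical use on a live system (run as root so nothing is skipped):
#   report_dev /dev
```

Any hit deserves a look before deletion: its contents and modification time help establish what was captured and when.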

