Regardless of how up2date your system is, it can be exploited if not secured.
You say your fw was tight. What did you have open? Were you serving ftp or
some other service? I've been hacked, and yes, as someone has pointed out, it's
like earning your stripes. Then again, the other day I thought I'd been
hacked when in fact it was a problem with mod_ssl. Take some time and dig.
Get a LIDS package. Use products like Tripwire. You'll know if a lot has
changed at least, and what. Run chkrootkit occasionally to see if, and what,
rootkit may have been loaded. Yes, these are reactive, but at least you'll
learn. If you have only a few services open (ports) then you narrow down the
possibilities. You can't wu-ftp exploit a server that doesn't serve ftp, for
instance. Try to find hardened alternatives to services where possible.
Don't be too discouraged. Reinstall Linux, tighten it up even more, learn and
adapt. At least with Linux you see the anomalies. In Windows you're likely
to not know you're hacked until files go missing.

<<JAV>>

---------- Original Message -----------
From: linux power <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sent: Thu, 17 Oct 2002 13:42:25 +0200 (CEST)
Subject: Re: Tonight I got hacked.

> Well. The problem is that they have attempted to do so several times.
> And it's not done by a school child. My iptables firewall is too good
> for that.
>
> Mitchell Wright <[EMAIL PROTECTED]> wrote:
> On 10/17/02 6:18 AM, "Thomas Ribbrock" wrote:
> 
> > On Thu, Oct 17, 2002 at 11:55:06AM +0200, linux power wrote:
> >> 
> >> Will you go through all the system scripts and find out which have been
> >> changed?
> >> If you think you are so damn good, so tell me what to do?
> > 
> > That's *very* simple: Save your personal data, wipe the drive and
> > reinstall.
> > Once the machine was hacked, there is *no* (and I mean *no*) other way, as
> > there is *no* way to know exactly what has been changed.
> > 
> > What's even *more* important is to think about what went wrong, e.g.: Were
> > you up-to-date with all updates issued from Red Hat? What ports were open?
> > Which services running? How was your firewall set up (if you had one)?
> > Things like that might be important for the future.
> > 
> > Cheerio,
> > 
> > Thomas
> 
> I know the pain of a security breach. Even worse is the realization 
> that it was probably some kid that had no idea what they were really 
> doing, just following some instructions they got on irc and using 
> someone else's programs.
> 
> The reality is, that nothing is secure, unless you pull that 
> Ethernet cable out of the wall. Switching back to XP is your 
> prerogative, but, your chances of a future breach are actually 
> higher with it.
> 
> Lock down your system, learn about firewalls, learn about NIDS,
> learn about apps like Tripwire, keep your system patched all the
> time as soon as you hear about a patch. These things will not secure
> you 100%, but they raise the bar past script kiddies at least.
> 
> This is my technique. Someone has to be very good to hack a system 
> that is carefully set up and maintained. This by default means the 
> numbers of people with that level of skill are few. So, you have to 
> consider why someone at that level would attack you and to what end? 
> If someone can achieve root almost anywhere at anytime, there are 
> far more interesting things to do I am sure. Plus, guys (and girls)
> with that level of skill are not trolling around port scanning ip
> addresses hoping to find some weakness. So, chances are they will 
> never come to your computer.
> 
> I guess what I am trying to say is, don't be disheartened by a 
> breach. If anything, it's like getting your stripes... At least one
> of them anyways :-)
> 
> -- 
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@;redhat.com?subject=unsubscribe
> https://listman.redhat.com/mailman/listinfo/redhat-list
> 
> http://home.no.net/~knutove/knut_ove_hauge_kuren.htm
------- End of Original Message -------
