No firewall is perfect.  I've been hacked.  One of the most important
things you can do right now (if you haven't already re-installed) is to try
to learn the point of entry (what was hacked).  For me it was rpc.statd.
I found a non-root user with UID 0 one day, and realized what had been
done.  

If you send more info about what you had running perhaps we can assist in
figuring it out?  How did you find out you'd been hacked?  Were there any
new users in /etc/passwd?  

+++ linux power [RedHat] [Thu, Oct 17, 2002 at 01:42:25PM +0200]:
> 
> Well. The problem is that they have attempted to do so several times.
> And it's not done by a school child. My iptables firewall is too good for that.
> Mitchell Wright <[EMAIL PROTECTED]> wrote:
> On 10/17/02 6:18 AM, "Thomas Ribbrock" wrote:
> 
> > On Thu, Oct 17, 2002 at 11:55:06AM +0200, linux power wrote:
> >> 
> >> Will you go through all the system scripts and find out which has been
> >> changed?
> >> If you think you are so damn good so tell me what to do?
> > 
> > That's *very* simple: Save your personal data, wipe the drive and reinstall.
> > Once the machine was hacked, there is *no* (and I mean *no*) other way, as
> > there is *no* way to know exactly what has been changed.
> > 
> > What's even *more* important is to think about what went wrong, e.g.: Were
> > you up-to-date with all updates issued from Red Hat? What ports were open?
> > Which services running? How was your firewall set up (if you had one)?
> > Things like that might be important for the future.
> > 
> > Cheerio,
> > 
> > Thomas
> 
> I know the pain of a security breach. Even worse is the realization that it
> was probably some kid that had no idea what they were really doing, just
> following some instructions they got on irc and using someone else's
> programs.
> 
> The reality is, that nothing is secure, unless you pull that Ethernet cable
> out of the wall. Switching back to XP is your prerogative, but, your chances
> of a future breach are actually higher with it.
> 
> Lock down your system, learn about firewalls, learn about NIDS, learn about
> apps like Tripwire, keep your system patched all the time as soon as you
> hear about a patch. These things will not secure you 100%, but they raise
> the bar past script kiddies at least.
> 
> This is my technique. Someone has to be very good to hack a system that is
> carefully set up and maintained. This by default means the numbers of people
> with that level of skill are few. So, you have to consider why someone at
> that level would attack you and to what end? If someone can achieve root
> almost anywhere at anytime, there are far more interesting things to do I am
> sure. Plus, guys (and girls) with that level of skill are not trolling
> around port scanning ip addresses hoping to find some weakness. So, chances
> are they will never come to your computer.
> 
> I guess what I am trying to say is, don't be disheartened by a breach. If
> anything, it's like getting your stripes... At least one of them anyways :-)
> 
> 
> 
-- 
// Andrew MacKenzie  |  http://www.edespot.com
// Your system which soared
// So freely on gliding wings
// now hangs, frozen and blue
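
The check behind the questions above (new users in /etc/passwd, a non-root account with UID 0), as an added example that is not part of the original thread. The function names `audit_passwd` and `write_samples` and the sample accounts are constructed for illustration, and the baseline is assumed to come from a backup or install media rather than from the suspect host.

```shell
#!/bin/sh
# Added example (not from the thread): compare a passwd file against a
# known-good baseline and flag extra UID 0 accounts.
# Assumption: run from trusted tools (e.g. rescue media), since binaries on a
# compromised host cannot be relied on.

# audit_passwd BASELINE CURRENT -> one finding per line, exit status 1 if any.
audit_passwd() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        pass == 1 { known[$1] = $3; next }       # baseline: remember name -> UID
        $3 == 0 && $1 != "root" { print "UID0 " $1; bad = 1 }
        !($1 in known) { print "NEW " $1 " uid=" $3; bad = 1; next }
        known[$1] != $3 { print "UIDCHANGED " $1 " " known[$1] "->" $3; bad = 1 }
        END { exit bad + 0 }
    ' pass=1 "$1" pass=2 "$2"
}

# Constructed sample data: "toor" is a planted UID 0 account and the existing
# "games" account has had its UID changed to 0.
write_samples() {
    cat > "$1/passwd.baseline" <<'EOF'
root:x:0:0:root:/root:/bin/bash
games:x:12:100:games:/usr/games:/sbin/nologin
alice:x:500:500::/home/alice:/bin/bash
EOF
    cat > "$1/passwd.current" <<'EOF'
root:x:0:0:root:/root:/bin/bash
games:x:0:100:games:/usr/games:/bin/bash
alice:x:500:500::/home/alice:/bin/bash
toor:x:0:0::/tmp:/bin/sh
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_passwd "$demo_dir/passwd.baseline" "$demo_dir/passwd.current" \
    || echo "findings reported: treat the host as compromised"
```

A clean result only says the account list matches the baseline; it does not show that the rest of the system is unmodified.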
