Re: New t0rnkit v9 / Bobkit rootkit or maybe worm attack
From: Cichlidiot (fishlover@nospam.net)
Date: 01/19/02
- In reply to: Angelo Mandato: "Re: New t0rnkit v9 / Bobkit rootkit or maybe worm attack"
From: Cichlidiot <fishlover@nospam.net> Date: Sat, 19 Jan 2002 02:17:12 +0000 (UTC)
Angelo Mandato <amandato@mcs.kent.edu> wrote:
> I have found the same hack/worm within my machine. Does anyone know
> the extent of the attack? My machine did not have anything
> substantial but it was acting as a firewall for my personal machine.
> That has become my concern.
Did you have services running on a firewall box? A firewall box should not
be running services. So far, evidence is that the attack comes through
wu_ftpd or sshd. Your best option is to reinstall the machine. Save an
image of the drive if you are interested in saving evidence of the attack
(using the dd command for example). This time reinstall the machine with
its goal as purely a firewall in mind. If you're using a *nix distro that
is not aimed for being a minimalistic firewall, then use the expert setup
for your distro of choice (if available) and minimalize what is installed.
No services, no X-Windows, etc. If there are vendor patches for anything
you have installed, apply the patches. Your goal is just a basic system
and the firewall. If you absolutely can't put a console login solution on
the box, then make sure to firewall the access to sshd such that ONLY your
internal interface is allowed access.
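
The drive-imaging step suggested in the reply above, as an added example that is not part of the original post: it copies a source with dd, confirms the copy is bit-identical by digest, and records the digest so the image can be re-checked later. The function names, the `.sha256` sidecar file and the use of `sha256sum` (GNU coreutils) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Intended use: run from a trusted host or rescue media, with the suspect
# disk as SRC and DST on separate storage, e.g.
#   image_evidence /dev/sdX /mnt/evidence/fw.img   (placeholder paths)

# image_evidence SRC DST: copy SRC to DST, print the SHA-256 on success.
image_evidence() {
    src=$1
    dst=$2
    if [ ! -r "$src" ]; then
        echo "cannot read source: $src" >&2
        return 2
    fi
    # Never overwrite an existing image: it may already be evidence.
    if [ -e "$dst" ]; then
        echo "refusing to overwrite: $dst" >&2
        return 2
    fi
    # Plain dd stops on a read error instead of silently padding the image.
    dd if="$src" of="$dst" bs=64k 2>/dev/null || return 1
    src_sum=$(sha256sum < "$src" | cut -d' ' -f1)
    dst_sum=$(sha256sum < "$dst" | cut -d' ' -f1)
    if [ -z "$src_sum" ] || [ "$src_sum" != "$dst_sum" ]; then
        echo "digest mismatch between $src and $dst" >&2
        return 1
    fi
    chmod 0444 "$dst"                                  # image is read-only
    printf '%s  %s\n' "$dst_sum" "$dst" > "$dst.sha256"
    echo "$dst_sum"
}

# verify_image IMG: succeed only if IMG still matches its recorded digest.
verify_image() {
    img=$1
    [ -r "$img.sha256" ] || return 2
    recorded=$(cut -d' ' -f1 < "$img.sha256")
    current=$(sha256sum < "$img" | cut -d' ' -f1)
    [ -n "$current" ] && [ "$recorded" = "$current" ]
}
```

Keep a copy of the recorded digest somewhere other than next to the image, so that later tampering with both files together is still detectable.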