On Sun, 10 Feb 2002, Tina Embrey wrote:
> My Debian 2.2 Potato and Woody Servers have been attacked by a cracker who
> has installed a 'root kit' and broke ps and several other core components
> of the OS.

Well, I hope you had backups of all the data on those servers, because you
will have to reinstall them from scratch, and that includes booting from RO
media (a cdrom, or floppy diskette). And wiping all the HDs clean. You could
try not to wipe out data partitions, but then you better be really sure
nothing weird gets left behind...

> The cracker got in via BIND. Is there a more secure DNS package available
> on Debian Linux ?

Debian's default BIND install is very insecure. The alternatives to BIND are
not nearly as functional, so it really depends on what tasks your DNS servers
perform...

OTOH, even Debian's default "oh please hack me" BIND install (running that
stuff as root, unchrooted) is safe enough if you apply the security updates
very promptly (which means no more than a few hours after they are issued
IMHO ;-) ).

> Is there any way to fix the broken apps, and get the system secured again ?

None that are worth the risk. A full reinstall is the only alternative we
could recommend in good faith. Everything else is not 100% guaranteed.

> Do you have a HowTo for implementing ipchains or iptables on Debian Linux ?

Yep, the ipchains howto is installed along with many others if you install
the doc-linux-* packages. Please also check out the 'ipmasq' or any of the
other firewall-building packages.

> Are there any tools available as packages for Configuring Firewalls on
> Debian Linux ?

Many of them. Search the package base using http://packages.debian.org and
you will find quite a lot.

Please look for the security Debian howto at:
http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
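
The reply's point about BIND "running as root, unchrooted" can be checked on a rebuilt server. The script below is an added example, not part of the original message; the function name `check_named` and its optional directory argument are assumptions made for illustration. It reads Linux `/proc`, so run it as root on a freshly installed system, since a rootkitted host's tools cannot be trusted.

```shell
#!/bin/sh
# Added example: report whether each running "named" is root and/or unchrooted.
# check_named [PROC_DIR]; PROC_DIR defaults to /proc (the argument is an
# assumption of this example, so the logic can be run on a constructed tree).
# Returns 1 if any named process is risky or could not be inspected.
check_named() {
    cn_proc=${1:-/proc}
    cn_found=0
    cn_risky=0
    for cn_dir in "$cn_proc"/[0-9]*; do
        [ -r "$cn_dir/status" ] || continue
        cn_name=$(awk '$1 == "Name:" { print $2; exit }' \
            "$cn_dir/status" 2>/dev/null) || continue
        [ "$cn_name" = named ] || continue
        cn_found=1
        # The Uid: line lists real, effective, saved and filesystem UIDs.
        cn_euid=$(awk '$1 == "Uid:" { print $3; exit }' \
            "$cn_dir/status" 2>/dev/null) || continue
        # /proc/PID/root is a symlink to the process's root directory;
        # "/" means the process is not chrooted.
        cn_root=$(readlink "$cn_dir/root" 2>/dev/null) || cn_root=unknown
        cn_verdict=ok
        if [ "$cn_euid" = 0 ] && [ "$cn_root" = / ]; then
            cn_verdict="RISK: runs as root, not chrooted"
        elif [ "$cn_euid" = 0 ]; then
            cn_verdict="RISK: runs as root"
        elif [ "$cn_root" = / ]; then
            cn_verdict="RISK: not chrooted"
        elif [ "$cn_root" = unknown ]; then
            cn_verdict="root dir unreadable; rerun as root"
        fi
        [ "$cn_verdict" = ok ] || cn_risky=1
        echo "pid=${cn_dir##*/} euid=$cn_euid root=$cn_root $cn_verdict"
    done
    [ "$cn_found" -eq 1 ] || echo "no named process found"
    return "$cn_risky"
}

# Inspect the live system when the script is run directly.
check_named /proc || true
```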