On Tue, Jun 05, 2001 at 11:30:51AM -0700, Jeff V. Merkey wrote:
> On Tue, Jun 05, 2001 at 08:05:34AM +0100, Alan Cox wrote:
> > > is curious as to how these folks did this.  They exploited BIND 8.2.3
> > > to get in and logs indicated that someone was using a "back door" in 

> > Bind runs as root.

> > > We are unable to determine just how they got in exactly, but they 
> > > kept trying and created an oops in the affected code which allowed 
> > > the attack to proceed.  

> > Are you sure they didn't in fact simply screw up live patching the kernel to
> > cover their traces?

> Could have.  The kernel is unable to dismount the root volume when booted.
> I can go through the drive and remove confidential stuff and just leave
> the system intact and post the entire system image to my ftp server. 

        This would be a good thing for those of us involved in investigating
these sorts of things.  :-/

> I have changed all the passwords on the server, so what's there is no 
> big deal.  This server was public FTP and web/email, so nothing really 
> super "confidential" on it.  

> Jeff

        Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  [EMAIL PROTECTED]
  (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
