On Fri, Aug 15, 2014 at 11:42:32AM -0300, Giancarlo Razzolini wrote:
> Don't forget to check your own machine, not just your OpenBSD server.
> It's more often than not the point of origin of the attack. If your
> machine is compromised, reinstalling your server won't do anything,
> since they'll reinfect it again.

I'm running OpenBSD 5.5-stable on my laptop as well. My laptop isn't running any public services AFAIK... I've configured the ones I'm running on it (like unbound) to only respond to local requests. Then again, I haven't tested those ports from another machine to verify that I locked them down the way I think I have, and now that I think about it, that would be a good idea--I'll add that to my todo list. If my laptop config IS properly locked down, it would need to be a trojan horse or some kind of Firefox or email-based vector, I suppose. Let's see... well, my laptop rc.local doesn't have any mystery files, at least.
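
The local half of the check described in the message above, as an added example that is not part of the original post: it filters BSD-style `netstat -an -f inet` output for listening sockets that are not bound to loopback. The function names and the sample lines are constructed for illustration, and the column layout is assumed to be the OpenBSD one.

```shell
#!/bin/sh
# Added example: report listening sockets that are NOT bound to loopback,
# reading `netstat -an -f inet` style text (BSD "address.port" notation).

# Constructed sample in the assumed OpenBSD netstat layout.
# This is not output from the poster's laptop.
sample_netstat() {
cat <<'EOF'
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp          0      0  192.168.1.20.22        192.168.1.5.51544      ESTABLISHED
tcp          0      0  127.0.0.1.53           *.*                    LISTEN
tcp          0      0  *.22                   *.*                    LISTEN
tcp          0      0  127.0.0.1.25           *.*                    LISTEN
udp          0      0  127.0.0.1.53           *.*
udp          0      0  *.514                  *.*
udp          0      0  192.168.1.20.123       *.*
EOF
}

# Reads netstat text on stdin and prints "proto local-address" for every
# TCP socket in LISTEN state, or unconnected UDP socket (foreign address
# "*.*"), whose local address is not in 127.0.0.0/8.
exposed_listeners() {
    awk '
        $1 ~ /^tcp/ && $NF != "LISTEN" { next }   # TCP: listening sockets only
        $1 ~ /^udp/ && $5 != "*.*"     { next }   # UDP: unconnected sockets only
        $1 ~ /^(tcp|udp)/ {
            if ($4 ~ /^127\./) next               # loopback-only binding: skip
            print $1, $4                          # wildcard or external binding
        }
    '
}

# On a live machine (assumes BSD netstat):
#   netstat -an -f inet | exposed_listeners
# With the constructed sample:
sample_netstat | exposed_listeners
```

This shows only what each daemon is bound to, and only for IPv4. Packet filter rules do not appear in it, so the probe from another machine mentioned in the message is still what confirms what is reachable.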