Typically, you are left to secure your own box. The intruder could have
gotten into your box from a misconfigured SSH daemon, or the wrong version
of an FTD Daemon... Any hundreds of holes you may have overlooked.
Best thing to do, is double-check you have the most recent copies of
anything outwards facing, and any and all security patches.
-Jesse
-----Original Message-----
From: Matt Fahrner [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 07, 2000 7:34 PM
To: [EMAIL PROTECTED]
Subject: Re: Urgent ! denial of Service Attack
One thing I can't find a good document on is *how* these denial of
service programs (the binaries) got onto the Linux boxes in the first
place. Were they installed through the "rpc.statd" hole? Is it IRC
buffer overflow issue (it doesn't sound like it)? How did the trojan
horses get onto the systems? The docs I find concentrate on finding the
trojan itself but not closing the hole(s) that allowed the trojan in in
the first place (which is frankly more my concern).
Anyone feel like filling me in?
Thanks in advance if you know...
- Matt
_______________________________________________
Redhat-devel-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-devel-list
_______________________________________________
Redhat-devel-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-devel-list
