I do understand that, I wasn't trying to imply anything about anyone's
responsibility as it's obviously our own to secure our own boxes. What
I'm trying to find out is if there was one particular hole that was used
to insert the trojan or, as you suggest, the trojans were inserted
through numerous holes. Incidentally we do not believe we have the
trojan, we just want to make sure we won't.
All the press is about the "trojan" itself, not about the more important
issue (in my opinion), of how the trojan got on the systems. If it is
numerous holes then we'll catch them (hopefully) in our standard
security procedures and updates. If it is a singular new hole I really
want to know what it specifically is. Regardless I think more press
needs to be put on how to avoid future trojans rather than how to
specifically kill this one. If the door is left open more pests will
come in.
Thanks for the response,
- Matt
Jesse Noller wrote:
>
> Typically, you are left to secure your own box. The intruder could have
> gotten into your box from a misconfigured SSH daemon, or the wrong version
> of an FTD Daemon... Any hundreds of holes you may have overlooked.
>
> Best thing to do, is double-check you have the most recent copies of
> anything outwards facing, and any and all security patches.
>
> -Jesse
>
> -----Original Message-----
> From: Matt Fahrner [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 07, 2000 7:34 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Urgent ! denial of Service Attack
>
> One thing I can't find a good document on is *how* these denial of
> service programs (the binaries) got onto the Linux boxes in the first
> place. Were they installed through the "rpc.statd" hole? Is it IRC
> buffer overflow issue (it doesn't sound like it)? How did the trojan
> horses get onto the systems? The docs I find concentrate on finding the
> trojan itself but not closing the hole(s) that allowed the trojan in in
> the first place (which is frankly more my concern).
>
> Anyone feel like filling me in?
>
> Thanks in advance if you know...
>
> - Matt
>
> _______________________________________________
> Redhat-devel-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-devel-list
>
> _______________________________________________
> Redhat-devel-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-devel-list
_______________________________________________
Redhat-devel-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-devel-list
