On Thu, 7 Sep 2000, Matt Fahrner wrote:
>One thing I can't find a good document on is *how* these denial of
>service programs (the binaries) got onto the Linux boxes in the first
>place. Were they installed through the "rpc.statd" hole? Is it an IRC
>buffer overflow issue (it doesn't sound like it)? How did the trojan
>horses get onto the systems? The docs I find concentrate on finding the
>trojan itself but not closing the hole(s) that allowed the trojan in in
>the first place (which is frankly more my concern).
Someone could have broken in via any one of a tonne of known or
unknown holes and installed a DoS trojan. If you're infected, it
is unlikely that you'll determine how...
--
Mike A. Harris | Computer Consultant | Capslock Consulting
Linux Advocate | Open Source Advocate | Red Hat Linux Fanatic
"A Firewall is really much like a sophisticated traffic cop; it detects and
stops unauthorized or suspicious movement in or out of the network. But
security is more than a Firewall; it's a process. You can't just put in a
Firewall and think you're secure."
_______________________________________________
Redhat-devel-list mailing list
https://listman.redhat.com/mailman/listinfo/redhat-devel-list