Security Incidents mailing list archives
Re: Bind8 exploit and a deleted partition map
From: Justin Shore <macdaddy () NEO PITTSTATE EDU>
Date: Wed, 14 Feb 2001 15:30:01 -0600
On 2/14/01 12:43 AM Jeremy L. Gaddis said...
Install Tripwire to protect your files like your inetd.conf or ssh_random_seed...FWIW, I've found that running "chattr +i" on important files goes a long way when it comes to your average script kiddie. An experienced cracker would probably figure it out pretty quick, but, IMO, a script kiddie would probably give up pretty quick and go on to an easier target.
I just helped a friend who had one of his RH 6.2 boxes rootkitted. One of the things replaced was login. His quick fix was to upgrade to 7.0. That replaced damn near everything. The one thing it wouldn't replace was login. It was immutable and he didn't know how to remove that (or identify it). I must admit that that's the first rootkit I've ever seen do that.

Justin

--
Justin Shore                    Pittsburg State University
Network & Systems Manager       Kelce 157Q
Office of Information Systems   Pittsburg, KS 66762
Voice: (620) 235-4606           Fax: (620) 235-4545
http://www.pittstate.edu/ois/
Warning: This message has been quadruple Rot13'ed for your protection.
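An added example, not part of the original message or thread: a shell sketch for identifying files that carry the ext2/3/4 immutable attribute, the situation described above where a replaced login could not be overwritten. The function names, the scanned directories and the sample `lsattr` lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list files carrying the immutable ('i') attribute.
# lsattr prints one "<flags> <path>" line per file; 'i' in the flags
# field means the file cannot be modified, renamed or deleted.

# Filter lsattr-format lines on stdin; print paths whose flags contain 'i'.
immutable_from_lsattr() {
    awk '
        # Skip blank lines, "dir:" headers from -R, and lsattr error lines
        NF < 2 || /^lsattr:/ { next }
        {
            flags = $1
            # A flags field consists only of attribute letters and dashes
            if (flags !~ /^[A-Za-z-]+$/) next
            if (index(flags, "i") == 0) next
            # Keep the whole path, including embedded spaces
            path = $0
            sub(/^[^ ]+ +/, "", path)
            print path
        }'
}

# Scan directories on a live system (directory list is an assumption).
scan_immutable() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        lsattr -R "$dir" 2>/dev/null | immutable_from_lsattr
    done
}

# Constructed sample of lsattr output, so the filter can be tried offline.
sample_lsattr() {
    cat <<'EOF'
--------------e------- /bin/ls
----i---------e------- /bin/login
-----a--------e------- /var/log/messages
lsattr: Operation not supported While reading flags on /bin/sh
----i---------e------- /usr/local/bin/my tool
EOF
}

# Live use: sh thisfile --scan
if [ "${1:-}" = "--scan" ]; then
    scan_immutable /bin /sbin /usr/bin /usr/sbin /etc
fi
```

Once a flagged file has been examined, `chattr -i <file>` run as root clears the attribute so the file can be replaced. On a host that may be rootkitted, run `lsattr` and `chattr` from trusted media, since the installed copies may themselves have been replaced.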