[lug] Cracked system
Sean Reifschneider
jafo at tummy.com
Fri Sep 1 17:57:49 MDT 2000
On Fri, Sep 01, 2000 at 06:18:04PM -0600, Chip Atkinson wrote:
>I discovered that a machine in my charge has been totally cracked. I
>believe that they went in via some exploit in bind. There is a bind RPM

Yeah, that bind exploit has been pretty painful. It's, unfortunately,
REALLY easy to check remotely.

>To see if you have this problem, check for
>/usr/bin/h2so4 and
>dev/...32865e73tbvefgdsgft3r5etgDSFGSDGdg

We haven't seen very many instances of RPM or the RPM database being
whacked to cover up exploits, but it's not a hard thing to do, so
you shouldn't rely on it. However, it can be a good first step.

Usually I consider a cracked machine "infected" and prefer to do a
fresh install instead of just trying to clean up.

Sean
--
On seeing a girl with a pierced tongue, he thought, "Just like
Microsoft. Can't do the job right, so throw hardware at it."
Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python
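
The check described in this thread, as an added example that is not part of the original message: a POSIX shell sketch that looks for the two paths quoted above under a filesystem root, so a suspect disk can be examined while mounted on another machine. The function names, the extra pass over `dev`, and the reading of the `dev/...` string as a literal file name are assumptions.

```shell
#!/bin/sh
# Added example. Scans a filesystem root (for instance the suspect disk
# mounted at /mnt/suspect) for the two indicators quoted in the thread.
# Assumption: the "dev/..." string is a literal name under /dev.

IOC_PATHS='usr/bin/h2so4
dev/...32865e73tbvefgdsgft3r5etgDSFGSDGdg'

# scan_root ROOT
#   Prints "FOUND <path>" for each indicator present under ROOT, then
#   "ODD <path>" for every regular file or dot-named directory under
#   ROOT/dev. The ODD pass is a heuristic that goes beyond the thread:
#   hits need manual review (some systems keep legitimate files there).
scan_root() {
    root=${1%/}
    printf '%s\n' "$IOC_PATHS" | while IFS= read -r rel; do
        # -e follows symlinks; -L also catches a dangling symlink
        if [ -e "$root/$rel" ] || [ -L "$root/$rel" ]; then
            printf 'FOUND /%s\n' "$rel"
        fi
    done
    if [ -d "$root/dev" ]; then
        find "$root/dev" \( -type f -o \( -type d -name '.*' \) \) \
            -print 2>/dev/null |
        while IFS= read -r p; do
            printf 'ODD %s\n' "${p#"$root"}"
        done
    fi
}

# count_hits ROOT -> number of indicators from the thread found under ROOT
count_hits() {
    scan_root "$1" | grep -c '^FOUND ' || true
}

# Stand-alone use: sh scan.sh /mnt/suspect
if [ "$#" -gt 0 ]; then
    scan_root "$1"
fi
```

A clean result proves little, for the reason given above about the RPM database: anything readable on the host can be altered by whoever controls it.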