[lug] Ancient RH box hacked, which packages must be updated?

Bill Gjestvang bill at uncultured.org
Fri Mar 26 11:06:37 MST 2004


If the box has been rooted, there are probably backdoors installed.  He
may not be coming in the way he originally got in.
-Bill Gjestvang

Bear Giles said:
> Lee Woodworth wrote:
>> I know that 2 years ago a secondary-DNS server in Golden was
>> hacked. The box was running RH6 with an old SSH. The hack was
>> thgough SSH. IIRC there was some weakness in version 1 of the
>> protocol and the RH6 sshd only supported version 1.
>
> We don't know how the guy is getting in, only that it's not
> through one of the services we've already shut down.  I thought we  had
> updated ssh to 3.6 a while back, but it seems to still be
> running 3.5.
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug






More information about the LUG mailing list