[NTLUG:Discuss] crack autopsy

Jonathan Miller betaray at kludge.org
Thu Aug 26 22:58:56 CDT 1999


I've seen this exact exploit before. This guy looks like an idiot. Well,
obviously he's an idiot or you wouldn't have caught him, it's not
particularly hard to hide yourself without whacking /var/log/ stuff. Odds
are fairly good that you've got a root kit somewhere on your system and
things like inetd, telnetd, etc. have been replaced with altered binaries.
I'd suggest reinstalling, but using something newer than whatever you
installed in the first place, because that's a rather old NFS exploit.
Generally I hear the robust distros are fairly security aware.

The only real thing you can do to protect yourself is either hide the
computer or keep up to date with whatever your distro's security updates are.
BTW I use Stampede, I love it and all but there's a lot of exploitable
things it does by default (luckily I haven't found anything remote). So I
recommend you stay mainstream. 

(Begin lame metaphor heavy concluding paragraph)
As Spiderman used to say, "With great power there comes great
responsibility." Linux is a lot of fun but it gives you more than enough
rope to hang yourself with.
(End lame metaphor heavy concluding paragraph)