[NTLUG:Discuss] crack autopsy
Dan Carlson
dcarlson at dcarlson.net
Thu Aug 26 22:53:12 CDT 1999
At a minimum, check that your /etc/inetd.conf and /etc/services files have not been
modified. When my system was cracked several months ago the infiltrator installed
bash as a service on a specific port. This allowed him to telnet to that port and
have a root shell without even having to login. Luckily, I caught this right away
and disabled it.
If you've got the time it would be a good idea to check all configuration files in
/etc/..., /var/..., and wherever else you have config files stored on your system.
Dan Carlson
lee wrote:
> <snip>
>
> i do have a question though... i don't think i need to reinstall everything, but
> are there any other files/configurations stuff that i should look at to see if
> it's been compromised? thanks,
>
> -- lee
>
> -- lee
>
> _______________________________________________
> http://ntlug.org/mailman/listinfo/discuss
More information about the Discuss
mailing list