Re: [PLUG] Hacked linux server

Jeff Dean on Wed, 16 Jan 2002 01:40:27 +0100

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Hacked linux server

From: Jeff Dean <jdean@ieee.org>

To: plug@lists.phillylinux.org

Subject: Re: [PLUG] Hacked linux server

Date: Tue, 15 Jan 2002 19:39:30 -0500

Reply-to: plug@lists.phillylinux.org

Sender: plug-admin@lists.phillylinux.org

Tough luck. Before you put your replacement system on the net, use nessus against it (preferably from another system with no intermediate router). That'll go a long way to showing what you are advertising. Make sure you have all the newest modules installed.

Newer versions of nessus also can be set up to scan repeatedly and "difference" a previous saved (presumably clean) result. Coupled with a cron job to update your plugins, this can help you detect new vulnerabilities that are either introduced on your system or uncovered by nessus contributors. I've been using the latest experimental version (v1.1.11) on RH72 with success.

jd

At 05:38 PM 1/15/2002 -0500, you wrote:

First, how can I go about finding the hole that led me to this problem in the first place. I suspect that it was either bind or ssh that did me in, but I'm not sure, and would really like to know.

Jeff Dean
jdean@ieee.org

Prev by Date: Re: [PLUG] Remote X

Next by Date: Re: [PLUG] Remote X

Previous by thread: Re: [PLUG] Hacked linux server

Next by thread: [PLUG] HOWTO run a Microsoft free shop

Index(es):

Date

Thread