Jeff Dean on Wed, 16 Jan 2002 01:40:27 +0100



Re: [PLUG] Hacked linux server


Tough luck.  Before you put your replacement system on the net, use nessus against it (preferably from another system with no intermediate router).  That'll go a long way to showing what you are advertising.  Make sure you have all the newest modules installed.

Newer versions of nessus also can be set up to scan repeatedly and "difference" a previous saved (presumably clean) result.  Coupled with a cron job to update your plugins, this can help you detect new vulnerabilities that are either introduced on your system or uncovered by nessus contributors.  I've been using the latest experimental version (v1.1.11) on RH72 with success.

jd

At 05:38 PM 1/15/2002 -0500, you wrote:
First, how can I go about finding the hole that led me to this problem in the first place?  I suspect that it was either bind or ssh that did me in, but I'm not sure, and would really like to know.


Jeff Dean
jdean@ieee.org
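
Added example, not part of the original message and not nessus's own differential-scan feature: a minimal sketch of comparing a current scan export against a saved clean baseline, as the reply describes. The pipe-delimited line format (host|service|check_id|severity), the check IDs and the addresses are assumptions constructed for illustration.

```python
"""Diff a current scan export against a saved, presumed-clean baseline."""

# Constructed sample exports; the format host|service|check_id|severity is assumed.
BASELINE = """\
192.0.2.10|ssh (22/tcp)|CHK-0001|note
192.0.2.10|domain (53/udp)|CHK-0002|note
192.0.2.10|http (80/tcp)|CHK-0003|warning
"""
CURRENT = """\
192.0.2.10|ssh (22/tcp)|CHK-0001|note
192.0.2.10|ssh (22/tcp)|CHK-0042|hole
192.0.2.10|domain (53/udp)|CHK-0002|warning
192.0.2.10|unknown (2222/tcp)|CHK-0050|warning
"""


def parse(text):
    """Map (host, service, check_id) -> severity, rejecting malformed lines."""
    findings = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 4:
            raise ValueError(f"line {n}: expected 4 fields, got {len(parts)}")
        host, service, check, severity = parts
        findings[(host, service, check)] = severity.lower()
    return findings


def diff(baseline, current):
    """Report what changed between the baseline scan and the current one."""
    old, new = parse(baseline), parse(current)
    old_services = {(h, s) for h, s, _ in old}
    new_services = {(h, s) for h, s, _ in new}
    return {
        "new_findings": sorted(k for k in new if k not in old),
        "resolved": sorted(k for k in old if k not in new),
        # A service absent from the baseline is a newly advertised listener.
        "new_services": sorted(new_services - old_services),
        "severity_changed": sorted(
            (k, old[k], new[k]) for k in old.keys() & new.keys() if old[k] != new[k]
        ),
    }


if __name__ == "__main__":
    for section, items in diff(BASELINE, CURRENT).items():
        print(section, *items, sep="\n   ")
```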