[Techtalk] Server was broken into ... what good tools are there to probe vulnerabilities?

coldfire rolick571 at duq.edu
Tue Nov 20 23:17:06 EST 2001

> > Both are owned by root and set to read only. I assume this means they
> > got root access?
> Yup.  You should assume this anyway after you've been broken into, even if
> you have no evidence that they got root.

or in the very least, assume backdoors ..

> > Can people suggest tools I can use to probe vulnerabilities of my
> > system? 
> Bastille Linux, if you're running a distro that it supports.
> If you're the Debian type, I think a daily 'apt-get dist-upgrade' in cron
> will keep you a step ahead of the bad guys.
> And the tool you need right now is your distro's installation procedure,
> because you need to wipe the machine's disks and completely reinstall it.

if you don't want to wait until being hacked, give snort a shot.


More information about the Techtalk mailing list