[Techtalk] Server was broken into ... what good tools are there
to probe vulnerabilities?
coldfire
rolick571 at duq.edu
Tue Nov 20 23:17:06 EST 2001
> > Both are owned by root and set to read only. I assume this means they
> > got root access?
>
> Yup. You should assume this anyway after you've been broken into, even if
> you have no evidence that they got root.
or at the very least, assume backdoors ..
> > Can people suggest tools I can use to probe vulnerabilities of my
> > system?
>
> Bastille Linux, if you're running a distro that it supports.
>
> If you're the Debian type, I think a daily 'apt-get dist-upgrade' in cron
> will keep you a step ahead of the bad guys.
>
> And the tool you need right now is your distro's installation procedure,
> because you need to wipe the machine's disks and completely reinstall it.
if you don't want to wait until being hacked, give snort a shot.
abe