[Techtalk] Server was broken into ... what good tools are there to probe vulnerabilities?

Michael Carson mikecarson at usa.net
Wed Nov 21 15:33:57 EST 2001

Raven, corporate courtesan wrote:

>Heya --
>Quoth Jeff Dike (Wed, Nov 21, 2001 at 01:55:46PM -0500):
>>raven at oneeyedcrow.net said:
>>>Then reinstall from original source media and restore your backups of
>>Backups are suspect if you don't know for how long you've been rooted.
>	They can be, yah.  That's why I specified backups of data, and
>no binaries.  (Read: nothing executable.  Check all your scripts, too.)
>That lessens your risk of having a backdoor on there -- even if they
>have one in your data, if it's not +x it can't (to the best of my
>knowledge) do anything.
    The only thing I can think of is that a shell script that is not 
marked executable can be executed with the source command, or by 
specifying it on a shell's command line.  OTOH, if the bad guys can do 
*that* there are already larger issues.  :)


More information about the Techtalk mailing list