[Techtalk] Server was broken into ... what good tools are there to probe vulnerabilities?
mikecarson at usa.net
Wed Nov 21 15:33:57 EST 2001
Raven, corporate courtesan wrote:
>Quoth Jeff Dike (Wed, Nov 21, 2001 at 01:55:46PM -0500):
>>raven at oneeyedcrow.net said:
>>>Then reinstall from original source media and restore your backups of
>>Backups are suspect if you don't know for how long you've been rooted.
> They can be, yah. That's why I specified backups of data, and
>no binaries. (Read: nothing executable. Check all your scripts, too.)
>That lessens your risk of having a backdoor on there -- even if they
>have one in your data, if it's not +x it can't (to the best of my
>knowledge) do anything.
The only thing I can think of is that a shell script that is not
marked executable can be executed with the source command, or by
specifying it on a shell's command line. OTOH, if the bad guys can do
*that* there are already larger issues. :)
More information about the Techtalk