[LUAU] Hackers found
Chris Wong
wongc at math.ed.hawaii.edu
Thu Jan 28 00:33:07 PST 1999
On Wed, 27 Jan 1999, Chris Wong wrote:
> On Wed, 27 Jan 1999, Scott Cooley wrote:
>
> > Does anyone have a suggestion as to how I can prevent this from happening
> > again once I restore the backup? What exploit could someone use who
> > didn't already have shell access to the box? I'm running RedHat 5.1, and
> > (to my knowledge) the box was pretty well secured, i.e. only minimal inetd
> > stuff going and no majorly buggy daemons installed. Needless to say, the
> > logs were wiped so I can't tell exactly what happened.
>
> I'm going to go out on a limb and say pop-3. The amount of probes I see on
> my pop-3 is rather suspicious since I haven't seen any exploits for it.
Looking over the errata for Redhat 5.1... There are a lot.
These are the ones that may be remotely exploitable...
IMAP, Samba, NFS, Bind, DHCP, DHCPcd
> You might want to use tcp_wrappers to keep the services down to your own
> local subnet.
or the tcp_wrappers had a trojan.
More information about the LUAU
mailing list