[LUAU] Hackers found
bbraun at sparcy.synack.net
Thu Jan 28 08:05:38 PST 1999
On Wednesday, Jan 1999 at 22:8:23 Scott Cooley wrote:
|
| Does anyone have a suggestion as to how I can prevent this from happening
| again once I restore the backup? What exploit could someone use who
| didn't already have shell access to the box? I'm running RedHat 5.1, and
| (to my knowledge) the box was pretty well secured, i.e. only minimal inetd
| stuff going and no majorly buggy daemons installed. Needless to say, the
| logs were wiped so I can't tell exactly what happened.
Biggest thing these days that the script kiddies are attacking is mountd.
RedHat has been shipping with an ancient version of rpc.mountd that allows
a remote user to gain root on a local machine. This is an ongoing complaint
I have with RedHat, but I'll skip that rant for now. =)

Anyway, there should be no circumstances that off-site users should be
using NFS. This means you should deny all external IPs to any of the
rpc services. Even if you have a remote site and they are using NFS
over the 'net between offices, this is a bad idea. NFS is not secure.
Rob
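
An added example, not part of the original message: denying outside hosts access to "any of the rpc services" means first listing the ports those services have registered, which `rpcinfo -p` reports. The script below parses a constructed `rpcinfo -p` listing and prints packet-filter rules that drop those ports for any source outside a trusted network. The function names, the sample listing and the 192.168.1.0/24 network are assumptions, and iptables is used here in place of whatever filter the host actually runs.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p` output (not taken from the original post).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp    635  mountd
    100005    1   tcp    635  mountd
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100024    1   udp    944  status
EOF
}

# Read `rpcinfo -p` output on stdin and print "proto port service" once per
# unique proto/port pair. The header is skipped because its port column is
# not numeric; programs without a service name are shown as prog-<number>.
rpc_ports() {
    awk '$4 ~ /^[0-9]+$/ && !seen[$3 "/" $4]++ {
        print $3, $4, ($5 == "" ? "prog-" $1 : $5)
    }'
}

# Turn that list into iptables rules that drop traffic to each RPC port
# unless it comes from the trusted network passed as $1 (an assumption).
# The rules are only printed, never applied.
rpc_block_rules() {
    trusted="$1"
    rpc_ports | while read -r proto port svc; do
        printf 'iptables -A INPUT -p %s --dport %s ! -s %s -j DROP  # %s\n' \
            "$proto" "$port" "$trusted" "$svc"
    done
}

# Demo on the constructed sample; on a live host, pipe `rpcinfo -p` instead.
sample_rpcinfo | rpc_block_rules 192.168.1.0/24
```

Ports other than the portmapper's 111 and NFS's 2049 may be assigned at daemon start, so the list should be regenerated after a reboot or service restart.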