distro

Warren Togami warren at togami.com
Mon Jun 25 18:24:29 PDT 2001


It looks like your LPRng or NFS service was cracked.

The LPRng printer server included (and sadly activated) in the default
install of Red Hat 7.0 is vulnerable.  The Ramen worm cracked this (and
the wu-ftpd FTP server of Red Hat 6.2), then disabled those services so other
people couldn't crack it after the original crack.

Read about Ramen worm here.  You weren't cracked by it in particular, but
the cracker used a similar method to root your box.
http://www.redhat.com/support/alerts/ramen_worm.html

Read the security advisories here.
http://www.redhat.com/support/errata/index.html

I don't know why your portmap and NFS server are running.  I suspect that
this may have been another retarded default install decision of Red Hat 7.0,
or maybe activated by the cracker.  Especially because you have no need for
NFS (and portmap which NFS needs), these should have been disabled.  People
who need NFS should have it blocked by their firewall and tcp wrappers for a
little security from Internet attacks, or ideally on an isolated network
segment.

Something everyone must understand is that you MUST update all packages of
your Linux distribution after installation, then disable all services,
enabling only the ones you specifically need.  NOBODY needs FTP or telnet
server.  Period.  Use SSH, SCP, SFTP and tunnels.  It's faster (with
compression) and secure.

Please disconnect from the network now.  You can either attempt to back up
your needed files offline, but ideally you will want to boot from a clean
Linux/boot/rescue disk in order to save your data to avoid any possibility
of trojans interfering.

Fortunately Red Hat wised up at Red Hat 7.1 and disabled most services by
default.  You'll be very happy with Red Hat 7.1.  Everything about it is
greatly improved, and to my knowledge there are currently no remote exploits
in default install.  After you install, register with RHN then use up2date
to download the latest bug fixes.  After you register with RHN, they'll
e-mail you when new updates are available.  Very handy.

----- Original Message -----
From: "dave" <d.eason at home.com>
To: "'Warren Togami'" <warren at togami.com>
Sent: Monday, June 25, 2001 2:52 PM
Subject: RE: [luau] Re: distro


> nope
>
> -----Original Message-----
> From: Warren Togami [mailto:warren at togami.com]
> Sent: Monday, June 25, 2001 8:57 PM
> To: dave
> Subject: Re: [luau] Re: distro
>
> Did you have a need to use portmap and NFS on this machine?


