distro

dave d.eason at home.com
Mon Jun 25 18:24:55 PDT 2001


I appreciate the info and advice.  I'll have it unplugged immediately.
Originally I did have 7.1 but I couldn't get CGI to work so I went back
to 7.0.  Feel free to share your findings with the list.



-Dave

-----Original Message-----
From: Warren Togami [mailto:warren at togami.com] 
Sent: Monday, June 25, 2001 9:24 PM
To: Linux & Unix Advocates & Users
Subject: [luau] Re: distro

It looks like your LPRng or NFS service was cracked.

The LPRng printer server included (and sadly activated) in the default
install of Red Hat 7.0 is vulnerable.  The Ramen worm cracked this (and
wuftpd FTP server of Red Hat 6.2), then disabled those services so other
people couldn't crack it after the original crack.

Read about the Ramen worm here.  You weren't cracked by it in particular, but
the cracker used a similar method to root your box.
http://www.redhat.com/support/alerts/ramen_worm.html

Read the security advisories here.
http://www.redhat.com/support/errata/index.html

I don't know why your portmap and NFS server are running.  I suspect that
this may have been another retarded default install decision of Red Hat 7.0,
or maybe activated by the cracker.  Especially because you have no need for
NFS (and portmap which NFS needs), these should have been disabled.  People
who need NFS should have it blocked by their firewall and tcp wrappers for a
little security from Internet attacks, or ideally on an isolated network
segment.

Something everyone must understand is that you MUST update all packages of
your Linux distribution after installation, then disable all services,
enabling only the ones you specifically need.  NOBODY needs FTP or telnet
server.  Period.  Use SSH, SCP, SFTP and tunnels.  It's faster (with
compression) and secure.

Please disconnect from the network now.  You can either attempt to back up
your needed files offline, but ideally you will want to boot from a clean
Linux/boot/rescue disk in order to save your data to avoid any possibility
of trojans interfering.

Fortunately Red Hat wisened up at Red Hat 7.1 and disabled most services by
default.  You'll be very happy with Red Hat 7.1.  Everything about it is
greatly improved, and to my knowledge there are currently no remote exploits
in default install.  After you install, register with RHN then use up2date
to download the latest bug fixes.  After you register with RHN, they'll
e-mail you when new updates are available.  Very handy.

----- Original Message -----
From: "dave" <d.eason at home.com>
To: "'Warren Togami'" <warren at togami.com>
Sent: Monday, June 25, 2001 2:52 PM
Subject: RE: [luau] Re: distro


> nope
>
> -----Original Message-----
> From: Warren Togami [mailto:warren at togami.com]
> Sent: Monday, June 25, 2001 8:57 PM
> To: dave
> Subject: Re: [luau] Re: distro
>
> Did you have a need to use portmap and NFS on this machine?
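The advice in the thread above (update, then disable every service you do not specifically need, and keep portmap/NFS, lpd, FTP and telnet off a box that does not need them) can be turned into a quick boot-time audit. The script below is an added example and is not from the LUAU thread or from Red Hat; it parses the text format that `chkconfig --list` prints on Red Hat systems (SysV runlevel columns followed by an "xinetd based services:" section), lists what is enabled in runlevels 3 and 5, and flags the services the thread singles out. The `SAMPLE_CHKCONFIG` text is constructed to resemble a Red Hat 7.0 default install; on a real box you would pipe `chkconfig --list` into `enabled_services` instead. The `RISKY_SERVICES` list and the `has_default_deny` check on `/etc/hosts.deny` are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the LUAU thread): audit which services start at
# boot on a chkconfig-managed Red Hat box and flag the ones the thread says
# should be disabled unless specifically needed.

# Constructed sample of `chkconfig --list` output, shaped like a Red Hat 7.0
# default install (lpd, nfs, portmap, telnet and wu-ftpd all switched on).
SAMPLE_CHKCONFIG='lpd             0:off   1:off   2:on    3:on    4:on    5:on    6:off
nfs             0:off   1:off   2:off   3:on    4:on    5:on    6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
xinetd based services:
        telnet: on
        wu-ftpd:        on
        finger: off'

# Services a typical workstation or web box has no reason to expose
# (this list is the example's own assumption, drawn from the thread).
RISKY_SERVICES="lpd nfs portmap wu-ftpd telnet rsh rlogin"

# enabled_services: read `chkconfig --list` text on stdin and print one
# service name per line for each service that is on in runlevel 3 or 5
# (SysV lines) or switched on under xinetd.
enabled_services() {
    awk '
        /^xinetd based services:/ { xinetd = 1; next }
        xinetd {
            # xinetd lines look like "<tab>telnet:<tab>on"
            name = $1; sub(/:$/, "", name)
            if ($2 == "on") print name
            next
        }
        /:on/ {
            # SysV line: "nfs  0:off 1:off 2:off 3:on 4:on 5:on 6:off"
            for (i = 2; i <= NF; i++)
                if ($i == "3:on" || $i == "5:on") { print $1; break }
        }
    '
}

# flag_risky: read service names on stdin, print only those in RISKY_SERVICES.
flag_risky() {
    while read -r svc; do
        case " $RISKY_SERVICES " in
            *" $svc "*) echo "$svc" ;;
        esac
    done
}

# has_default_deny: read /etc/hosts.deny contents on stdin and print "yes"
# if tcp wrappers are set to deny everything not explicitly allowed
# ("ALL: ALL"), "no" otherwise.
has_default_deny() {
    if grep -q '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL' ; then
        echo yes
    else
        echo no
    fi
}

# Stand-alone demo over the constructed sample: print a remediation line per
# flagged service (the chkconfig/service commands are only echoed, not run).
printf '%s\n' "$SAMPLE_CHKCONFIG" | enabled_services | flag_risky |
while read -r s; do
    echo "$s is enabled at boot -> chkconfig $s off; service $s stop"
done
```

On a live system the first pipeline becomes `chkconfig --list | enabled_services | flag_risky`, and `has_default_deny < /etc/hosts.deny` tells you whether tcp wrappers will refuse connections that `/etc/hosts.allow` does not name; neither function changes anything on the box.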


