Re: TRG vger.timpanogas.org hacked

Michael H. Warfield (mhw@wittsend.com)
Tue, 5 Jun 2001 14:42:16 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Khachaturov, Vassilii: "RE: kHTTPd hangs 2.4.5 boot when moduled"
Previous message: David Gordon: "kHTTPd hangs 2.4.5 boot when moduled"

On Tue, Jun 05, 2001 at 11:30:51AM -0700, Jeff V. Merkey wrote:
> On Tue, Jun 05, 2001 at 08:05:34AM +0100, Alan Cox wrote:
> > > is curious as to how these folks did this. They exploited BIND 8.2.3
> > > to get in and logs indicated that someone was using a "back door" in

> > Bind runs as root.

> > > We are unable to determine just how they got in exactly, but they
> > > kept trying and created an oops in the affected code which allowed
> > > the attack to proceed.

> > Are you sure they didnt in fact simply screw up live patching the kernel to
> > cover their traces

> Could have. The kernel is unable to dismount the root volume when booted.
> I can go through the drive and remove confidential stuffd and just leave
> the system intact and post the entire system image to my ftp server.

This would be a good thing for those of us involved in investigating
these sorts of things. :-/

> I have changed all the passwords on the server, so what's there is no
> big deal. This server was public FTP and web/email, so nothing really
> super "confidential" on it.

> Jeff

Mike

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

Next message: Khachaturov, Vassilii: "RE: kHTTPd hangs 2.4.5 boot when moduled"
Previous message: David Gordon: "kHTTPd hangs 2.4.5 boot when moduled"