[ILUG-BOM] Login Problem Please help

Devdas Bhagat devdas@[EMAIL-PROTECTED]
Thu Mar 6 22:08:36 IST 2003

On 06/03/03 17:29 +0530, Kamal Matta wrote:
> thanks mr nath,
> but how come this would have been done? it seems i don't have a choice but
> to reinstall and resetup. is it possible to reinstall the damaged area as
> reinstalling and resetup will be big problem for me.
It is possible to do this, if you trust a compromised machine. I never
do. For all you know, there is a kernel module in there somewhere.
As to how, you need to do forensics on that system. That will cost
money, and really isn't worth doing unless you have the academic
interest or are sending the lawyers after that cracker.

> i am using this server for NAT/RAS/DNS/DHCP/PROXY/WEB services. i am using
> ipchains and set masq on ppp and eth1 ports to allow to use this box as
> gateway to some users as rest use proxy settings.
Overloaded with services. Have you ever applied any patches to this box?

> only recently we have started using cable internet and got one ip. could
> this have helped the hackers? earlier we were using dialup connectivity. if
> possible please help me and tell as what precautions should i take to keep
> away the hackers.
Patch, patch, patch. Read bugtraq religiously. Plenty of documentation
available online too.

>  i will let u know what u have asked as right now my system is in use by
> users as rest everything is working except login. and see all details i have
> to boot it to linux single.
Rebuild, boot into single user mode, patch up to date, limit working
services, write firewall script, set up remote logging, bring box online.
Stay alert for vulnerability bulletins and updates.

Devdas Bhagat
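
Added example, not part of the original message: one way to check the "limit working services" step on the rebuilt box before it goes back online, by comparing listening sockets against the services the gateway is meant to offer. The allowlist (conventional default ports for DNS, DHCP, proxy and web), the function names and the sample netstat output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listening sockets that are not on the gateway's allowlist.
# Assumed allowlist, derived from the services named in the thread
# (DNS, DHCP, proxy, web) using their conventional default ports.
ALLOWED="tcp/53 udp/53 udp/67 tcp/80 tcp/3128"

# Constructed sample in the format of `netstat -lnptu` (run as root).
sample_listeners() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:53        0.0.0.0:*        LISTEN  412/named
udp        0      0 0.0.0.0:53        0.0.0.0:*                412/named
udp        0      0 0.0.0.0:67        0.0.0.0:*                455/dhcpd
tcp        0      0 0.0.0.0:80        0.0.0.0:*        LISTEN  510/httpd
tcp        0      0 192.168.0.1:3128  0.0.0.0:*        LISTEN  530/squid
tcp        0      0 0.0.0.0:23        0.0.0.0:*        LISTEN  388/inetd
tcp        0      0 0.0.0.0:111       0.0.0.0:*        LISTEN  301/portmap
tcp        0      0 0.0.0.0:4000      0.0.0.0:*        LISTEN  -
EOF
}

# Reads netstat-style lines on stdin and prints "proto/port program"
# for every listener whose proto/port pair is not in $ALLOWED.
unexpected_listeners() {
  awk -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^(tcp|udp)/ {
      proto = $1; sub(/6$/, "", proto)    # treat tcp6/udp6 like tcp/udp
      port = $4;  sub(/.*:/, "", port)    # keep only the port of addr:port
      key = proto "/" port
      if (!(key in ok)) print key, $NF    # $NF is the PID/Program column
    }'
}

# Stand-alone run over the constructed sample.
sample_listeners | unexpected_listeners
```

On the rebuilt machine, pipe the live output in instead: `netstat -lnptu | unexpected_listeners`. Anything printed is a service to disable or to block in the firewall script.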

