On Fri, 2006-03-03 at 11:26, Andrew Errington wrote: > My sympathies. Do you know how it was done? Do you now know how to > prevent it? Can you document it here (even briefly) so that others can see > what could happen, and how it can be avoided? Obviously stuff like this is > only valid for a while until the next hack is fine-tuned.
I know that it doesn't work properly anymore. I know that it did work. I don't know exactly why it doesn't work. I do know that snort was reporting a large number of hits and blocked 30 to 40 ips I've turned it off today. I have to go to a wedding in Wellington this weekend so I won't have time to do anything about it today. I plan to put it back on line and publish the root password on list so that anyone who's interested can have a look and see if we can work out what killed it. Then next week I'm going to rebuild it. In some ways it's not a bad thing because it's forcing me to get really good at getting one of these boxes up and running. Wilber did most of the work on the first one for me. I've learnt how to use ndiswrapper but there still stuff I don't know. I've learnt how to configure most of the system but there's still stuff I need to know, so his efforts haven't been wasted. I'm leaving it off line today because there's still stuff on it that I need to pull off - like all Wilbers' work on the ndiswrapper stuff that we did to get the yoobo working. Cheers Don
