On Fri, 03 Mar 2006 11:39:30 +1300
Don Gould wrote:

> On Fri, 2006-03-03 at 11:26, Andrew Errington wrote:
> 
> > My sympathies.  Do you know how it was done?  Do you now know how to 
> > prevent it?  Can you document it here (even briefly) so that others can see 
> > what could happen, and how it can be avoided?  Obviously stuff like this is 
> > only valid for a while until the next hack is fine-tuned.
> 
> I know that it doesn't work properly anymore.
> 
> I know that it did work.
> 
> I don't know exactly why it doesn't work.

So you don't know that it has been hacked, merely that it is not
working. By the way, what do you mean by "not working"? What is and isn't
it doing?

> 
> I do know that snort was reporting a large number of hits and blocked 30
> to 40 IPs.
> 

That is NOT a sign that it has been hacked. All machines on the internet
receive connection attempts.

> I've turned it off today.
> 
> I have to go to a wedding in Wellington this weekend so I won't have
> time to do anything about it today.
> 
> I plan to put it back on line and publish the root password on list so
> that anyone who's interested can have a look and see if we can work out
> what killed it.
> 
> Then next week I'm going to rebuild it.
> 
> In some ways it's not a bad thing because it's forcing me to get really
> good at getting one of these boxes up and running.  Wilber did most of
> the work on the first one for me.  I've learnt how to use ndiswrapper
> but there's still stuff I don't know.  I've learnt how to configure most
> of the system but there's still stuff I need to know, so his efforts
> haven't been wasted.
> 
> I'm leaving it off line today because there's still stuff on it that I
> need to pull off - like all Wilber's work on the ndiswrapper stuff that
> we did to get the yoobo working.
> 
> Cheers Don

-- 
Nick Rout <[EMAIL PROTECTED]>
