Hi!
Just to confirm that we found traces of the actual intrusion. There
is no IRC bot in the Devil Linux 1.2.10 distro. Sorry for my previous
mail. It was just a coincidence of coincidences, both of a technical and
a human nature.
Namely, there was an intrusion into a DL host not exposed to the
internet (low-probability event) made in a short timeframe from
reboot to the moment the bot was discovered (l-p event). The
intrusion was made via a chain of DMZ/intranet hosts (lpe). Also, our
proxy cached a zero-size page for devil-linux.org for an unknown reason
(lpe). There were also other low-probability events.
Devil Linux is OK, we are going to use it in production after
performing all the necessary exorcism procedures.
Victor
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/