On Fri, Aug 22, 2003 at 09:33:08AM -1000, Rob Bootsma wrote:
> So my question is, how did they get root? Well, I guess they
> used this rootkit, but how did they manage to install that?
> Where is the vulnerability? If anyone has any suggestions
> of what to look for before I wipe out this box, it would be
> greatly appreciated.

Without knowing more, I suspect you performed a full install, disabled iptables, and did not verify that only minimal services were running. If you want to run forensics, set the HD aside and reinstall on new media. Do not boot or mount the partitions read/write.

-Vince
