On Sat, Oct 11, 2003 at 09:47:35PM -1000, Ben Beeson wrote: > 1) How did the cracker get past the firewall?
Is SSH open and unpatched? I bet it is. > 2) Does this represent a hole that can be plugged? You can plug it up, but there are no guarantees a backdoor was not left behind. > 3) What else should I check or do to make sure that I'm not > "owned" by someone but me? Completely reinstall your system, installing only what you know you need. Update all your packages. > 4) How can I keep this person out in the future? Keep your system updated. Read up on file integrity scanners. Audit your filesystem regularly. How do you know the firewall script worked? Do not just run a script and expect it to work the way your think it supoosed to work. Verify. -Vince
