On Sun, 2 Jan 2000, Michael Hatchard wrote:
> How can I keep this person out of our system??
First, reinstall everything. Unless you've been diligently using a
reliable intrusion detection system such as tripwire, you can't guarantee
that essential services haven't been compromised. Reformat and reinstall.
Next, upgrade your version of SSH to one that isn't vulnerable to buffer
overflows, change your passwords, and make sure that SSH is compiled to
run from inetd. It's much slower that way, but limiting SSH sessions to
systems defined only in your hosts.allow file will add a further layer of
protection for you.
Also, consider that you're running an older version of Red Hat, which may
have other vulnerable utilities. Grab all the latest patches, since it's
quite likely that you have other vulnerabilities.
Subscribe to bugtraq, and always keep up to date on current
security-related packages from Red Hat and other software vendors.
Good luck.
--
Todd A. Jacobs
Network Systems Engineer
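
The inetd and hosts.allow setup described in the reply above, written out as configuration. This is an added example, not part of the original message; the binary paths and the client addresses are assumptions (the addresses are documentation ranges) and must be adjusted to the local install.

```conf
# --- /etc/inetd.conf ---
# Start sshd per connection through the TCP wrapper (tcpd).
# "-i" tells sshd it is being run from inetd. The paths to tcpd and
# sshd are assumed; a source build often installs sshd elsewhere.
ssh  stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/sshd -i

# --- /etc/hosts.allow ---
# Consulted first. Only these clients may reach sshd.
# A trailing dot matches every address with that prefix.
# (Constructed sample addresses.)
sshd: 192.0.2.10, 198.51.100.

# --- /etc/hosts.deny ---
# Consulted only when nothing in hosts.allow matched. Without a
# default-deny entry here, a client that matches neither file is
# allowed, so hosts.allow on its own restricts nothing.
ALL: ALL
```

After editing inetd.conf, make sure no standalone sshd is still listening on port 22 and send inetd a HUP so it rereads its configuration.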