Yeah, I would love to attend such a meeting after the incident yesterday.
A cracker hacked into two of my computers and get root for both. He exec'd
"rm -rf /" as root on one of them and changed the root passwd for the
other. I was forced to reinstall everything and lost two days' of work ...
The puzzle is that I have turned off most of my system service (no ftp, no
sendmail, no finger etc etc) and have always used "ssh" and "scp". The
only things I run are DNS and apache+tomcat (servlet engine). Do they have
security problems? I did not run them as root (Well, DNS is running as
root but it only runs on one of the compromised boxs)! Maybe the hacker
was in my computer back in the old days when I was using unprotected
telnet? Then, how come he did not "rm -rf /" back then?
Oh, I also run SETI@home from one of my user account. Can that program be
compromised?
Anyways, I am eager to learn more about security to prevent future attacks
... I want to try tripwire to monitor my system. Does anyone have any
experience with that?
Thanks a lot
Michael
On Sat, 25 Mar 2000, Paul Sack <[EMAIL PROTECTED]> wrote:
> Did this happen last Sunday? If not, when is it happening? (Tom?)
>
> --
> Those who can, do; those who can't, simulate.
>
> ---------------------------------------------------------------------------
> Send administrative requests to [EMAIL PROTECTED]
>
---------------------------------------------------------------------------
Send administrative requests to [EMAIL PROTECTED]
