Hi Andy,

> I've just managed to get myself back online after a few days of
> repairing damage caused by my first hack attack.
> I got hit by 'luckroot' which basically changes a whole heap of stuff in
> /etc, /bin and all the usuals. It seems to be an address / port scanner
> which collects stuff and emails it back to someone somewhere ????

If someone has installed a 'rootkit' on your box, then you are in
big trouble and need to re-install from scratch. Do *NOT* keep
any binaries from your current box - data files only. Without something
'like' tripwire to verify the integrity of your binary files, you
probably still have trojaned programs lying around. Although
the cracker may not have access, you simply do not know
what little goodies they have left lying around for you.

Regards,
Jon Austin

----- Original Message -----
From: "Andy Eager" <[EMAIL PROTECTED]>
To: "slug" <[EMAIL PROTECTED]>
Sent: Monday, July 02, 2001 6:19 PM
Subject: [SLUG] Help I got hacked!!
> Hi all,
>
> Heeeeelp...
>
> I've just managed to get myself back online after a few days of
> repairing damage caused by my first hack attack.
>
> I got hit by 'luckroot' which basically changes a whole heap of stuff in
> /etc, /bin and all the usuals. It seems to be an address / port scanner
> which collects stuff and emails it back to someone somewhere ????
>
>
> I fixed everything (I think except for /dev/hdc, /dev/console and the
> /dev/tty's)
>
> My question is: Can I safely force rpm to reinstall the dev package
> (without screwing my hard disk settings in the process)?
>
> Also, does anyone know of a service on the net that can attempt to find
> these holes in my firewall / sysconfig without doing damage ?
>
> Thanks,
>
> Andrew E.
>
> PS: Haven't these hacking pr??ks got anything better to do with their
> time !!
>
>
> --
> SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> More Info: http://lists.slug.org.au/listinfo/slug