[plug] Fw: I am so sorry!Your hosts was hacked!

Steve Vertigan vertigan at bigfoot.com
Mon Apr 9 22:40:05 WST 2001


Travis Read wrote:
> 
> Correct me if I'm wrong, if you use ipchains and block all external direct
> connections to your gateway then chances are, you're safe?

My memory on this is pretty foggy but IIRC there was a problem with the Linux
ipchains implementation a while ago not examining udp packets correctly
which meant an attacker could send illegitimate udp packets through a
firewall.  So at the moment "chances are" you're safe but there's still
never 100% surety, short of physically disconnecting from the network.

Also was it rootshell.com that were hacked about 12/24 months ago
despite the fact that the only services they had running were apache,
qmail and ssh?  I can't recall if they ever determined which the guilty
service was though ssh was the main suspect.  Came as quite a shock to
me at the time as I was running those services and more on a box I
would've sworn was 'impenetrable'. :)

Regards,
Steve

-- 
FreeBSD maelstrom.dyn.dhs.org 3.4-STABLE i386
10:35PM  up 28 days,  6:18, 1 user, load averages: 0.01, 0.02, 0.06
Your analyst has you mixed up with another patient.  Don't believe a
thing he tells you.


