[plug] Fw: I am so sorry!Your hosts was hacked!
Steve Vertigan
vertigan at bigfoot.com
Mon Apr 9 22:40:05 WST 2001
Travis Read wrote:
>
> Correct me if I'm wrong, if you use ipchains and block all external direct
> connectionts to your gateway than chances are, your safe?
My memory on this is pretty foggy but IRC there was a problem with linux
ipchains implementation a while ago not examining udp packets correctly
which meant an attacker could send illegitimate udp packets through a
firewall. So at the moment "chances are" you're safe but there's still
never 100% surety, short of physically disconnecting from the network.
Also was it rootshell.com that were hacked about 12/24 months ago
despite the fact that the only services they had running were apache,
qmail and ssh? I can't recall if they ever determined which the guilty
service was though ssh was the main suspect. Came as quite a shock to
me at the time as I was running those services and more on a box I
would've sworn was 'impenetrable'. :)
Regards,
Steve
--
FreeBSD maelstrom.dyn.dhs.org 3.4-STABLE i386
10:35PM up 28 days, 6:18, 1 user, load averages: 0.01, 0.02, 0.06
Your analyst has you mixed up with another patient. Don't believe a
thing he tells you.
More information about the plug
mailing list