Date: Mon, 05 Mar 2001 18:34:52 -0800
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To: Alfred Perlstein <bright@wintelcom.net>
Cc: Evren Yurtesen <yurtesen@ispro.net.tr>, Dag-Erling Smorgrav <des@ofug.org>, dce <dce@squish.org>, security@FreeBSD.ORG
Subject: Re: 31337
Message-ID: <200103060235.f262Zs094331@cwsys.cwsent.com>
In-Reply-To: Your message of "Mon, 05 Mar 2001 12:09:19 PST." <20010305120919.X8663@fw.wintelcom.net>

In message <20010305120919.X8663@fw.wintelcom.net>, Alfred Perlstein writes:
> * Evren Yurtesen <yurtesen@ispro.net.tr> [010305 11:30] wrote:
> > can't it be a person who has a shell and execute some daemons etc ? like
> > ircd?
> >
> > why does he need to reinstall his system?
>
> Oh, and as far as why a complete reinstall is a good idea, is because
> you have _no idea_ as to how far the person has gone to install back
> doors in the system, only a complete reinstall has a good chance of
> fixing them all.

... then install tripwire.  This will help identify changed files.  Not
a perfect solution, as tripwire can be circumvented, but it is more
difficult.  Then keep a copy of your database offline and/or sign your
database.

Alternatively run at securelevel > 0.  Once again not a perfect
solution.


Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC


> >
> >
> > Evren
> >
> > > dce <dce@squish.org> writes:
> > > > I have noticed the following ports open on my FreeBSD 4.2-STABLE machine
> > > >
> > > > 31337/tcp open Elite
> > > > 6667/tcp open irc
> > >
> > > You're owned.  Take your box off the net, take a backup, reinstall from
> > > trusted media (preferably original CD-ROMs from BSDI), transfer data
> > > (*no* executables, scripts or configuration files!) from backup.  And
> > > get some security clue; the security(7) man page is a good place to
> > > start, though far from complete.
> > >
> > > DES
> > > --
> > > Dag-Erling Smorgrav - des@ofug.org
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-security" in the body of the message
>
> --
> -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
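
The "sign your database" advice in the message above, as an added example that is not part of the original e-mail and is not Tripwire's own code: a baseline of file hashes is authenticated with a keyed HMAC-SHA256 (standing in for a signature), so a baseline rewritten on the host to match altered files is rejected. The function names, the key and the sample files are constructed for illustration.

```python
import hashlib, hmac, json, os, tempfile
from pathlib import Path

def snapshot(root):
    """Map every file under root (relative path) to a SHA-256 digest."""
    db = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_symlink():            # record where a symlink points
            data = b"symlink:" + os.fsencode(os.readlink(path))
        elif path.is_file():
            data = path.read_bytes()
        else:
            continue                     # directories carry no content
        db[str(path.relative_to(root))] = hashlib.sha256(data).hexdigest()
    return db

def sign(db, key):
    """Serialize the database canonically and attach an HMAC-SHA256 tag."""
    body = json.dumps(db, sort_keys=True)
    return {"body": body, "tag": hmac.new(key, body.encode(), hashlib.sha256).hexdigest()}

def check(root, signed, key):
    """Compare root against a signed baseline; refuse an unauthenticated one."""
    want = hmac.new(key, signed["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(want, signed["tag"]):
        return {"database_ok": False, "changed": [], "added": [], "removed": []}
    old, new = json.loads(signed["body"]), snapshot(root)
    return {
        "database_ok": True,
        "changed": sorted(p for p in old if p in new and old[p] != new[p]),
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
    }

def demo():
    """Constructed sample tree: baseline it, then modify, add and remove files."""
    key = b"constructed-demo-key"  # assumption: the real key is kept off the host
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("login", "sshd", "motd"):
            (root / name).write_text("v1")
        baseline = sign(snapshot(root), key)
        (root / "login").write_text("v1-modified")
        (root / "ircd").write_text("new")
        (root / "motd").unlink()
        # A baseline regenerated on the host without the key keeps the old tag.
        forged = dict(baseline, body=json.dumps(snapshot(root), sort_keys=True))
        return check(root, baseline, key), check(root, forged, key)

if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the place it runs from: the key and a copy of the baseline belong on media the monitored host cannot write to, which is the "offline" half of the advice.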