
BLU Discuss list archive



[BLU] Help... I've been hacked!



> -----Original Message-----
> From: David Kramer [mailto:david at thekramers.net]
> Sent: Tuesday, March 27, 2001 12:19 PM
> ......
> Take this advice from one who learned the hard way.  You need to reformat
> the hard drive and start over. ......

Absolutely agree that you need to do a complete reinstall to be sure. Also
look at what services are running that you do not need and that are known
security problems - the Red Hat default versions of named/bind, sendmail,
portmapper, and lpr all have issues; if you do not need it, don't run it. To
get the latest security updates from Red Hat, go to
http://www.redhat.com/support/errata/ and make sure that you update the
appropriate packages for your system.

Also, you need to look at ipchains (for a 2.2.x kernel) or netfilter (2.4.x
kernel) to do packet filtering, to only allow the traffic in and out of the
box that you want. RH 6.2 is a 2.2.x kernel - look at the sites David
mentioned, but also check out the following site, which has a lot of good
info and links on securing a Linux system -
http://www.linux-firewall-tools.com/linux/ and read the FAQ (the no-frames
version is a cleaner interface). You can use the ipchains script RLZ
provides as a basis and customize it for your needs.

Also, definitely install SSH from http://www.openssh.org/ and turn off
telnet, ftp, rlogin, rsh, etc. In two hours' time you can have a packet
filter firewall and SSH up and working with minimal effort.
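
An added example, not part of the original message: a small audit that lists which of the cleartext services named above (telnet, ftp, rlogin, rsh) are still enabled in an inetd-style configuration. It assumes the services are started from `/etc/inetd.conf`, where rlogin, rsh and rexec appear under the names `login`, `shell` and `exec`; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report legacy cleartext services still enabled in inetd.conf.
# Assumption: inetd format "service socktype proto wait user server [args...]";
# a leading '#' disables an entry. inetd names: login=rlogin, shell=rsh, exec=rexec.
RISKY="telnet ftp login shell exec"

# audit_inetd FILE -> one "service daemon" line per enabled risky entry
audit_inetd() {
    awk -v risky="$RISKY" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }          # disabled, blank or malformed line
        ($1 in bad) {
            # behind TCP wrappers the real daemon is the first argument
            d = ($6 ~ /tcpd$/ && NF >= 7) ? $7 : $6
            print $1, d
        }
    ' "$1"
}

# count_risky FILE -> number of enabled risky entries
count_risky() { audit_inetd "$1" | wc -l | tr -d ' '; }

# make_sample FILE -> write a constructed inetd.conf for demonstration
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real host
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root  /usr/sbin/tcpd  in.rshd
login   stream  tcp  nowait  root  /usr/sbin/tcpd  in.rlogind
#exec   stream  tcp  nowait  root  /usr/sbin/tcpd  in.rexecd
time    stream  tcp  nowait  root  internal
EOF
}

# Audit the file given as $1, or fall back to the constructed sample.
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    audit_inetd "$1"
else
    demo=$(mktemp) && make_sample "$demo" && audit_inetd "$demo"
    rm -f "$demo"
fi
```

Any entry it reports is a candidate to comment out in the configuration before sending inetd a HUP, once SSH is confirmed working.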




