[lug] Cracked system

Sean Reifschneider jafo at tummy.com
Fri Sep 1 17:57:49 MDT 2000

On Fri, Sep 01, 2000 at 06:18:04PM -0600, Chip Atkinson wrote:
>I discovered that a machine in my charge has been totally cracked.  I
>believe that they went in via some exploit in bind.  There is a bind RPM

Yeah, that bind exploit has been pretty painful.  It's, unfortunately,
REALLY easy to check remotely.

>To see if you have this problem, check for 
>/usr/bin/h2so4 and

We haven't seen very many instances of RPM or the RPM database being
whacked to vocer up exploits, but it's not a hard thing to do that so
you shouldn't rely on it.  However, it can be a good first step.

Usually I consider a cracked machine "infected" and prefer to do a
fresh install instead of just trying to clean up.

 On seeing a girl with a pierced tongue, he thought, "Just like
 Microsoft.  Can't do the job right, so throw hardware at it."
Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
tummy.com - Linux Consulting since 1995. Qmail, KRUD, Firewalls, Python

More information about the LUG mailing list