Re: [cobalt-developers] My RaQ's been Hacked
- Subject: Re: [cobalt-developers] My RaQ's been Hacked
- From: "Paul Gillingwater" <paul@xxxxxxxxxxx>
- Date: Sun Mar 25 03:46:37 2001
- List-id: Discussion Forum for developers on Cobalt Networks products <cobalt-developers.list.cobalt.com>
"Edmund J. Mildenberger" <ed@xxxxxxxxxxxxxxxx> said:
> My questions:
> Where in the debris am I likely to find a clue to the IP of the
> perpetrator?
> What specific RaQ3 compatible software would have likely prevented
> this?

This is most likely due to the LION Worm, which is documented here:
http://www.theregister.co.uk/content/8/17864.html

There is no software that could prevent this. The only thing that could have
stopped it would be either (a) not running a DNS service or (b) keeping up
with the latest security patches.

Your only option is a complete reinstall, or just restore individual files
and backdoors as outlined here:
http://www.sans.org/y2k/t0rn.htm

As for your first question -- there is little or no chance you will find the
IP address of the perp. Even if you did, it's likely this was launched from
another compromised system, i.e., another chain of victims, and therefore
there's little chance of tracing it back.

I strongly suggest you join the Cobalt Security list, which discussed this a
few weeks ago.

--
*********************************
Paul Gillingwater
Managing Director
CSO Lanifex Unternehmensberatung
& Softwareentwicklung G.m.b.H.
NEW BUSINESS CONCEPTS
E-mail: paul@xxxxxxxxxxx
Telnum: +43/1/21 98 222
Mobile: +43/699/1922 3085
Webhome: http://www.lanifex.com
Address: Praterstrasse 60/1/2
A-1020 Vienna, Austria
*********************************