
Re: [cobalt-users] Hacked?? Telnet Connected But Not Activated?



Find a good firewall and only allow the proper traffic in/out ... and
restrict SSH access to your known IP addresses. If you still know the host
address that telnet session was open to, deny access from that host address.

I recommend the NetScreen 5 at $495 ... quite a capable system for a small
package.

Norris

This account is a spam hole used for lists. Mail to it may not be read for
days or weeks at a time.
----- Original Message -----
From: <elmer@xxxxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Thursday, April 19, 2001 12:16 AM
Subject: Re: [cobalt-users] Hacked?? Telnet Connected But Not Activated?


> On Wed, 18 Apr 2001, Wayne Sagar wrote:
>
> } Don't want to be crying wolf..
>
> Perhaps you should be...
>
> } Would anyone have any idea where to look for this instance of telnet
> } running when I've got it turned off...
>
> Somewhere on the hard drive(s). No, I'm not trying to be
> cute. If the machine has been hacked, the stuff the hacker is using
> is obviously hidden - if it were not your logs would contain the
> clues you need to track this stuff down. How well it's been hidden
> depends upon the skill of the person who cracked your box.
>
> The difficult part of this is that the cracker's tools can
> be anywhere. Worse yet, perhaps, if the cracker is any good they've
> more than likely installed one or two backdoors that you are more
> than likely not going to be able to find.
>
> } I know, this sounds like a hack.. but if anyone can point me where to look
> } and for what to possibly find and nuke this...
>
> Your best option, the only truly viable option perhaps, is
> to either enlist the services of a seasoned security expert or to
> back up your user data and start anew by doing a full re-install.
>
> Truth be told, the odds of you completely cleaning that
> box are slim to nothing. If you try to clean it and you fail, you
> will be doing yourself, your clients and the entire Internet
> community a major disservice in that your box will most certainly
> be used for questionable - very likely illegal and almost certainly
> as a base from which attempts will be made to exploit other servers.
> Along the way your clients' private data will be exploited. Their
> clients' credit card numbers will probably be exploited and much
> much more.
>
> Do yourself a favor. Head over to your favorite security
> site and get yourself some professional assistance.
>
> Peace be with you,
>
> Brent
>
> Brent Sims
> WebOkay Internet Services
> http://www.WebOkay.net
> Brent@xxxxxxxxxxx
> (719) 595-1427 (Voice/Fax)