
Re: [cobalt-users] RaQ4 hacked?



--- Steve Werby <steve-lists@xxxxxxxxxxxx> wrote:
> "Drew T. Nichols" <dtnichols@xxxxxxxxx> wrote:
> > I have been keeping up with patches twice a day and
> > still managed to get hacked and /var/log removed.  I
> > am at a loss as to what more I can do to protect my
> > RaQ.  I even had DNS disabled.  Any thoughts on what
> > can be done?
> 
> What steps have you taken other than disabling DNS?
> 

Steve, et al:
I have applied patches religiously, disabled BIND
(though I believed it was up to date) and have made
sure not to telnet/SSH from other unix boxes, provided
they were compromised and watching outgoing sessions.
Essentially, I've done everything I knew to prevent
this from happening.  The hackers are now running port
scans to the world, making my life oh so easy.  I
suspect they may have come in via POP since it was
suddenly disabled in /etc/inetd.conf.

Drew
