pwnt
Submitted by reeses on Fri, 2001-10-26 12:44.
I got 0wned! I had been fairly vigilant about keeping this machine up to date with Redhat patches, but I had left one important hole open. D'oh! What's amusing is that it was a hole in the attack detection mechanism that provided root access to my box.

I had been infected for quite a while. The skript-kiddie was very inexperienced in covering his tracks, and within about thirty seconds of my initial suspicions, I had verified that I had been rooted, and five minutes later, where he had come from. After I'm done cleaning things up and securing them, I'll go after his upstream, but it was probably also a hacked machine.

Here's a bit of advice, if you want to root people: Don't run cpu-heavy processes that you're not masking from top! If the dingus hadn't been running the genome@home client on this tiny p166, I probably would not have noticed it for quite a while. As it was, when my load average went from .5 to over 2.0, with no change in my application load, I had to go looking. Also, while he was careful to remove some logfiles, he left some other pretty damning ones. Oops!

Anyway, it gave me an opportunity to restructure my home network a little, install RH 7.2, and learn a little bit about Redhat insecurity. At least it wasn't one of my IRIX boxes. I'd never get him out. All in all, a cheap security reminder. If he had been competent, I could have been really screwed.