Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.os.linux.security > #222
| From | GangGreene <GangGreene@example.com> |
|---|---|
| Newsgroups | comp.os.linux.security |
| Subject | Re: Security breach? |
| Date | 2013-01-13 12:59 -0500 |
| Organization | A noiseless patient Spider |
| Message-ID | <d89bs9-m3d.ln1@crazy-horse.bildanet.com> (permalink) |
| References | (12 earlier) <slrnkf48sj.rpi.BitTwister@wb.home.test> <hklas9-okc.ln1@crazy-horse.bildanet.com> <slrnkf5ieu.kia.BitTwister@wb.home.test> <gd1bs9-ctc.ln1@crazy-horse.bildanet.com> <zvKdnZ1Tgcu9cG_NnZ2dnUVZ_tSdnZ2d@posted.lerostechnologies> |
On Sun, 13 Jan 2013 12:21:35 -0500, Jim Beard wrote: > On 01/13/2013 10:45 AM, GangGreene wrote: >> On Sun, 13 Jan 2013 14:51:10 +0000, Bit Twister wrote: >> >>> On Sun, 13 Jan 2013 07:24:17 -0500, GangGreene wrote: >>>> On Sun, 13 Jan 2013 03:01:39 +0000, Bit Twister wrote: >>>> >>>>> On Sat, 12 Jan 2013 16:29:53 -0600, Ohmster wrote: >>>>> >>>>>> this case. Now I will install tripwire and rkhunter while clean to >>>>>> further protect against these attacks. >>>>> >>>>> I tried tripwire awhile back. A bit complicated for me. That is why >>>>> I went with http://sourceforge.net/projects/aide >>>> >>>> If you are using a rpm based distro then rpm -V -a is your friend. >>> >>> But not your best friend. 8-) >>> >>> It will not tell you about any new applications installed by some >>> other method. >>> >>> What if the cracker used rpm to install malware? :-( >> >> It will show if any installed file has changed from the original rpm >> file (s). From that information you will know what "system files" have >> been compromised. Then you can determine if a rootkit has been >> installed. > > Not if "the original rpm file(s)" were installed by the cracker, using > rpm. Oh please I don't wear a tin foil hats like you do. Isn't it a stretch that a cracker would breakin, upload some rpm files, install them, then burn a dvd with the new rpms and the offer to give you the dvd at no charge? If you would accept that dvd you shouldn't be offering services on the internet in the first place. > >> If you find compromised system files then you know that you must format >> and re-install with out a doubt. At this time I would not care what >> other files have been installed. > > You swing from one extreme (ignore that crackers can use rpm) to the > other (any compromised system files means you must format and re-install > with out a doubt). I favor the format/re-install, but after an attempt > to track down what was actually done, to aid in future defense if > nothing else. No I am not going to go farther after knowing that system files are compromised. That is enough for me to format and re-install.
Back to comp.os.linux.security | Previous | Next — Previous in thread | Next in thread | Find similar
Security breach? Ohmster <root@dev.nul> - 2013-01-10 23:29 -0600
Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-11 05:59 +0000
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-11 06:10 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 02:45 -0600
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-11 20:44 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 15:06 -0600
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-11 22:26 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 16:45 -0600
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 00:24 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 19:34 -0600
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 02:16 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 21:04 -0600
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 05:44 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-12 16:29 -0600
Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-13 03:01 +0000
Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-13 07:24 -0500
Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-13 14:51 +0000
Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-13 10:45 -0500
Re: Security breach? Jim Beard <jdbeard@patriot.net> - 2013-01-13 12:21 -0500
Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-13 12:59 -0500
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-13 20:40 +0000
Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-13 16:14 -0500
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-13 23:51 +0000
Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-14 09:59 -0500
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-14 17:39 +0000
Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-14 16:16 -0500
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-14 21:48 +0000
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-13 20:35 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 17:05 -0600
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 00:26 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 03:10 -0600
Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-11 11:31 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 15:53 -0600
Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-11 23:05 +0100
Re: Security breach? Richard Kettlewell <rjk@greenend.org.uk> - 2013-01-11 22:14 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 16:47 -0600
Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-12 00:26 +0000
Re: Security breach? Richard Kettlewell <rjk@greenend.org.uk> - 2013-01-12 09:23 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-12 16:31 -0600
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-12 16:36 -0600
Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-13 14:45 +0100
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 16:39 -0600
Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-12 00:08 +0000
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-11 20:50 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 15:19 -0600
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-11 22:30 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 16:49 -0600
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 02:36 -0600
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 02:52 -0600
Re: Security breach? "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2013-01-11 03:10 -0500
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 02:39 -0600
Re: Security breach? Richard Kettlewell <rjk@greenend.org.uk> - 2013-01-11 10:53 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 15:12 -0600
Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-11 22:53 +0100
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 15:57 -0600
Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-11 23:29 +0100
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 16:55 -0600
Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-11 23:59 +0100
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 17:07 -0600
Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-12 00:24 +0100
Re: Security breach? `blindshell' ...INFECTED (PORTS: 465) Ohmster <root@dev.nul> - 2013-01-11 17:48 -0600
Re: Security breach? `blindshell' ...INFECTED (PORTS: 465) Ohmster <root@dev.nul> - 2013-01-11 18:07 -0600
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 00:16 +0000
Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-12 12:13 +0100
Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 18:30 +0000
Re: Security breach? Richard Kettlewell <rjk@greenend.org.uk> - 2013-01-11 22:07 +0000
Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 17:22 -0600
csiph-web