On Tue, Jun 05, 2001 at 08:05:34AM +0100, Alan Cox wrote:
> > is curious as to how these folks did this. They exploited BIND 8.2.3
> > to get in and logs indicated that someone was using a "back door" in
>
> Bind runs as root.
>
> > We are unable to determine just how they got in exactly, but they
> > kept trying and created an oops in the affected code which allowed
> > the attack to proceed.
>
> Are you sure they didnt in fact simply screw up live patching the kernel to
> cover their traces
Could have. The kernel is unable to dismount the root volume when booted.
I can go through the drive and remove confidential stuffd and just leave
the system intact and post the entire system image to my ftp server.
I have changed all the passwords on the server, so what's there is no
big deal. This server was public FTP and web/email, so nothing really
super "confidential" on it.
Jeff
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Jun 07 2001 - 21:00:40 EST