Re: TRG vger.timpanogas.org hacked

Jeff V. Merkey (jmerkey@vger.timpanogas.org)
Tue, 5 Jun 2001 11:30:51 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Daniel Phillips: "Re: Missing cache flush."
Previous message: davide.rossetti: "Re: semaphores and noatomic flag"
In reply to: Alan Cox: "Re: TRG vger.timpanogas.org hacked"

On Tue, Jun 05, 2001 at 08:05:34AM +0100, Alan Cox wrote:
> > is curious as to how these folks did this. They exploited BIND 8.2.3
> > to get in and logs indicated that someone was using a "back door" in
>
> Bind runs as root.
>
> > We are unable to determine just how they got in exactly, but they
> > kept trying and created an oops in the affected code which allowed
> > the attack to proceed.
>
> Are you sure they didnt in fact simply screw up live patching the kernel to
> cover their traces

Could have. The kernel is unable to dismount the root volume when booted.
I can go through the drive and remove confidential stuffd and just leave
the system intact and post the entire system image to my ftp server.

I have changed all the passwords on the server, so what's there is no
big deal. This server was public FTP and web/email, so nothing really
super "confidential" on it.

Jeff

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Daniel Phillips: "Re: Missing cache flush."
Previous message: davide.rossetti: "Re: semaphores and noatomic flag"
In reply to: Alan Cox: "Re: TRG vger.timpanogas.org hacked"