
Re: Help with the hackers....

 
Bill_6
Advisor

Re: Help with the hackers....

I'd be willing to bet these are all related to the Ramen worm, http://xforce.iss.net/alerts/advise71.php since wu-ftp is being mentioned. Now would be a good time to go to ProFTP, http://www.proftpd.net/ if the service is needed.

I'd also bet money that we'll see other variations that aren't specifically targeting Red Hat systems in the near future.
There's nothing fdisk can't fix
Shannon Petry
Honored Contributor

Re: Help with the hackers....

Bill, you hit the bullseye. I have not had much time to look at the hacked system, but RAMEN is definitely the cause by the documentation.
Strange though that wu-ftpd was patched with the latest by Red Hat, and rpc.statd was disabled....
I'll be looking at proftp and perhaps if that fails then just compiling from source wu-ftp.

Last question is how (since Red Hat does not notify) do I find out about these exploits before I am hacked?
This is twice I have had to dig at getting hacked and finding info in areas other than RH?

Thanks for most of your input!
Shannon
Microsoft. When do you want a virus today?
Bill_6
Advisor
Solution

Re: Help with the hackers....

Glad I could help, Shannon. I don't use Red Hat so I'm not familiar with how they do things in their distro. I do know that they try to be on the bleeding edge though, so that may account for some of the problems they have as far as security and stability are concerned. They also have a history of their x.0 releases having problems.

Unfortunately there isn't one all-encompassing security site that I have found. I find that browsing the commercial/government sites as well as the "hacker" sites is about the best compromise. I also keep an eye on alt.os.linux.security since it's active 24/7 with people from around the world posting. Here's some of my main security bookmarks.

http://www.attrition.org/
http://www.sans.org/newlook/home.htm
http://securityportal.com/
http://www.securityfocus.com/
http://www.infowar.com/
http://www.cert.mil/
http://rootshell.com/beta/news.html
http://www.infosyssec.org/
http://xforce.iss.net/

There's nothing fdisk can't fix
Bill_6
Advisor

Re: Help with the hackers....

Oh, I forgot http://www.linux-firewall-tools.com/linux/ as well.
There's nothing fdisk can't fix