[CLUE-Tech] Hacker question

Chris Tubutis ctubutis at yahoo.com
Thu Jul 31 18:07:08 MDT 2003


On 31 Jul, Mike Staver wrote:

> Besides upgrading to RedHat 9 on these boxes (which isn't an option 
> yet), how can I protect myself, and who should I report this activity 
> to?? I now don't get to go home tonight to spend time with my family,
> I'm forced to rebuild these damned boxes from scratch once again.


Figure out how the bad guys got in and what they did; it's possible
there are indications in the system logs. Learn something ahead of time
about what the possible threats are and what to do about them. Subscribe
to things like BugTraq and the CERT lists and the Red Hat Network Errata
Alerts and maybe ApacheWeek and any Samba lists and anything else
related to the software you're running to try to keep up with
vulnerabilities and patches. Don't rely on any one of them; use all of
them. Open up only what is needed, everything else gets closed off via
multiple methods. Trust nothing. Don't rely exclusively on firewalls;
"security" is accomplished by many different overlapping items. I'd be
hard-pressed to make chargen, *rpc and netbios* available on any machine
connected to the Internet. I think RHN has released errata over the past
several days concerning OpenSSH and Samba and various kernels but don't
quote me on that; go look in the archives. Who to report it to? Prolly
CERT, I don't think the FBI will be any help. Neither will CERT, really,
but you can at least let them know of your experience so they'll be able
to warn others.

ct
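
Added example, not part of the original post: one way to check the "open up only what is needed" advice above is to compare a host's listening sockets with an allowlist and flag the services the post names. The `netstat -tuln` output and the allowlist below are constructed for illustration, and the port numbers for chargen, rpc (portmapper) and netbios are the standard assignments, assumed here.

```python
# Audit listening sockets against an allowlist (added example).
LOOPBACK = ("127.", "::1")
# Standard ports for the services named in the post (assumption).
RISKY = {19: "chargen", 111: "sunrpc/portmapper",
         137: "netbios-ns", 138: "netbios-dgm", 139: "netbios-ssn"}
ALLOWED = {("tcp", 22), ("tcp", 80)}  # constructed allowlist

# Constructed sample of `netstat -tuln` output.
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:80       0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:19       0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:25     0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:111      0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:139      0.0.0.0:*        LISTEN
udp        0      0 0.0.0.0:137      0.0.0.0:*
udp        0      0 0.0.0.0:111      0.0.0.0:*
tcp        0      0 :::6000          :::*             LISTEN
"""

def listeners(text):
    """Yield (proto, host, port) for each listening TCP/UDP socket."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue  # header or unrelated line
        if f[0].startswith("tcp") and f[-1] != "LISTEN":
            continue
        host, _, port = f[3].rpartition(":")  # also splits ":::6000"
        if port.isdigit():
            yield f[0], host, int(port)

def audit(text, allowed):
    """Return (proto, port, verdict) for sockets reachable off-host."""
    findings = []
    for proto, host, port in listeners(text):
        if host.startswith(LOOPBACK):
            continue  # bound to loopback only, not exposed
        if port in RISKY:
            findings.append((proto, port, "close: " + RISKY[port]))
        elif (proto[:3], port) not in allowed:
            findings.append((proto, port, "review: not on allowlist"))
    return findings

if __name__ == "__main__":
    for proto, port, verdict in audit(SAMPLE, ALLOWED):
        print(f"{proto}/{port}: {verdict}")
```

On a real host, pass the captured output of `netstat -tuln` to `audit()` in place of `SAMPLE`.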
 



