[100500] in RedHat Linux List


Re: Hacked! :(

daemon@ATHENA.MIT.EDU (Nikki Cook)
Sat Nov 21 07:48:37 1998

From: Nikki Cook <sunny@mail.suntrix.com>
Reply-To: sunny@mail.suntrix.com
To: redhat-list@redhat.com
Date: Sat, 21 Nov 1998 06:20:04 -0500
Resent-From: redhat-list@redhat.com

<preach>
Aren't those words just ringing in the ears of lots of folks?  David, you're not
alone.

By me posting this, I'm calling attention to our company's system.  I expect
our logs to show more pokes than I've seen in a while after this hits the
list.  We don't know who's on this list or what illegal action they are willing
to take.  We don't know, when we post details, who's out there taking
notes.  But I feel this is important to say here, on this list, where the
RedHat community talks to each other.

For those of you who haven't <for whatever reason> taken measures to use all
that is available to protect your system, keep in mind that you have the power
to be proactive about this issue.

This is a point that may be lost on some.  While you're protecting yourself,
you're also taking steps to protect the rest of the internet community.  Every
machine that is broken into is a jump off point for an individual to locate
other vulnerable machines.  Anything from just getting a free account to
outright criminal activity may be the focus of a break-in.  According to CERT, you
may be held liable.

I spend more time than I care to think about notifying admins and their uplinks
about the information our system gleans.  You'd be amazed if you knew some of
the (supposedly trusted) places I've sent notifications that subsequently
acknowledged a break-in and verified measures they had taken to correct the
incident.  Then there's more time used to "practice what we preach" to the best
of our ability.

In my opinion, the fact that we RedHat'ers are a strong community could and
should lend itself to being _proactive_ on security issues.  Many are, but many
aren't. 

I'm not just talking about you applying "here-fix-there-fix", I'm talking
about making sure that if your machine is connected to the internet that you,
as the administrator of it, do everything you can:  use the tools available to
log, apply the security fixes that are posted for us (on an incredibly timely
basis), check passwords for vulnerability and change them regularly, turn off
unnecessary services, etc.... but most important, NOTIFY!  If an admin doesn't
know his/her machine has been compromised, how can he/she possibly fix it?

If you're compromised, we're all vulnerable.  There are many places that have
current information on exploits, tools, and recovering information (CERT,
FIRST, BUGTRAQ, RootShell, etc.).  I suggest if you haven't taken action, that
you begin right now, or you may be saying those famous last words too.
</preach>


On Fri, 20 Nov 1998, David E. Fox wrote:
>Well, I never thought it might happen to me, but apparently over
>the last few days my system was broken into 

--
Nikki Cook
Kerry Webb


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     SunTrix Com Internet Services     
         Daytona Beach, Florida
 PPP and Shell Accounts (904) 258-5434
 WEB Design webdesign@mail.suntrix.com
        http://www.suntrix.com
         WEBBnet IRC Network
 irc.webbnet.org | irc.us.webbnet.org
ftp://ftp.suntrix.com | mail.suntrix.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


-- 
  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
		http://www.redhat.com http://archive.redhat.com
         To unsubscribe: mail redhat-list-request@redhat.com with 
                       "unsubscribe" as the Subject.

