[99553] in RedHat Linux List
Re: Have I ben hacked/cracked???
daemon@ATHENA.MIT.EDU (Ramon Gandia)
Sun Nov 15 15:24:28 1998
Date: Sun, 15 Nov 1998 11:20:26 -0900
From: Ramon Gandia <rfg@nook.net>
To: redhat-list@redhat.com
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
mike yoyo wrote:
>
> Hi their, I recompiled my kernel today and see some thing that alarmed
> me, half way thrue the compile. Im using kernel 2.0.34
> I saw this #warning Alans Hack Is Alive,,,, Who the hell is Allan?
> Then I looked in my logs, every thing looked normal. So I tryed anouther
> kernel 2.0.35 this time, damn Allan Hack Is Alive,,,,,, Grrrr
> any one shine some light on this....? Thanks.
A couple of weeks ago I posted things about the ROOTKIT. When
used by hackers, it not only doctors the log files, it also
installs filters in the logging programs, ls, less, more and
so on so that log entries pertaining to the hacker's work remain
invisible.
The latest rootkit makes sure that all modified files retain the
same crc and file length, and are claim to be proof against the
rpm -V finding them.
You need to read about rootkits. If you still think you have
been hacked, then by all means format the hard drive and start
again. Use the notes you took when you installed Linux so you
can rebuild your configuration files, etc.
What? You took no notes? Shame, shame!
--
Ramon Gandia ==== Sysadmin ==== Nook Net ==== http://www.nook.net
285 West First Avenue rfg@nook.net
P.O. Box 970 tel. 907-443-7575
Nome, Alaska 99762-0970 ======================= fax. 907-443-2487
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com http://archive.redhat.com
To unsubscribe: mail redhat-list-request@redhat.com with
"unsubscribe" as the Subject.
