My firewall was cracked!

Christoph Doerbeck A242369 cdoerbec at cso.fmr.com
Wed Feb 21 09:20:22 EST 2001


Well, it wasn't mine, but a friend's firewall box (i486 running Slackware)
was recently cracked (notice that I used the proper term).

Anyway, his system was supposedly tied down pretty good.  All exterior-facing
services were additionally shunted by ipchain rules,
yet someone still managed to get on and start unpacking a rootkit
of some kind.

Fortunately the kit was tailored for RedHat, and that's how he detected
that he had been violated.  A lot of system binaries (ls, df, login) were
replaced, and because they were RedHat-built they didn't work on his
Slackware system.  I'm not sure of the exact details but...

Assuming he had a good firewall configuration, does anyone have hints on
what exploits the cracker may have used to get access?

Has anyone heard of exploits regarding Linksys or other 
popular cable firewalls?

- Christoph

