My firewall was cracked!
Anthony J. Gabrielson
agabriel at coe.neu.edu
Wed Feb 21 12:14:01 EST 2001
Does he know which service that individual got in through? He had to have
something running for a service in order for them to get in.
That's to bad - he has some work in front of him.
Anthony
On Wed, 21 Feb 2001, Christoph Doerbeck A242369 wrote:
>
> Well, it wasn't mine, but a friends firewall box ( i486 running Slackware )
> was recently cracked (notice that I used the proper term).
>
> Anyway, his system was supposedly tied down pretty good. All exterior
> facing services were additionally shunted by ipchain rules,
> yet someone still managed to get on and start unpacking a rootkit
> of some kind.
>
> Fortunately the kit was tailored for RedHat, and that's how he detected
> that he had been violated. A lot of system binaries (ls, df, login) were
> replaced and because they were redhat built they didn't work on his
> slackware system. I'm not sure of the exact details but...
>
> Assuming he had a good firewall configuration, does anyone have hints on
> what exploits the cracker may have used to get access?
>
> Has anyone heard of exploits regarding Linksys or other
> popular cable firewalls?
>
> - Christoph
>
>
> -
> Subcription/unsubscription/info requests: send e-mail with
> "subscribe", "unsubscribe", or "info" on the first line of the
> message body to discuss-request at blu.org (Subject line is ignored).
>
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).
More information about the Discuss
mailing list