I've been hacked too (full version)

[pariskh at datasys.com.mx (Paris valdespino)]

Hi

Sorry about yesterday)B?s  mail  it wasn?t  very   precise
I had    Mandrake  7.1    and   Bind ( I)B?m not  sure about the version but
i think it  was  8) runing  on a  i686.  I  was  cheking  the  /var/log
messagess  when  sudenly   a message arrived  "you have new mail", well
that)B?s normal, but  again  a second  arrived  and so on .   I opened  pine
and  I found  that there were returned   mails  with  the  subject "user not
available"  ?
I  recived  about 1550 returned  mails  from unknown people  all addressed
to popmaster.
In all  the mails  that  I read,    a guy   was  advertaicing his  skills
to obtain  hacked  credit cards .
I  was  shocked ,   and  I   looked  the   messages  of  /var/log/  at the
firewall  and  I found  something like :

 ipchains    some-options   type-of- package    my-server)B?s-ip-address: 3
victim)B?s-ip-address:3   L=     #45

In each  message file   there  were about a hundred lines of that stuff . I
think that someone  was  scaning   the  web from my computer. I have cleaned
my server and  installed  all my stuff again  but,  how  can I know if   my
firewall  and  my router are  still hacker-free ?

I had  a cisco 1601,  software version 12.0.5 without the  feature pack and
my firewall runs  RH 6.1

thanks in advance

Paris


-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).