[cobalt-security] HACK on RAQ3i
- Subject: [cobalt-security] HACK on RAQ3i
- From: kcelik@xxxxxxxxxxxxxx
- Date: Sat, 3 Mar 2001 17:53:28 +1100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi,
We have just traced a hack into our primary NS; it's a Trin00 daemon for
DDOS attacks.
The funny thing is that this box has no Virtual sites and no ftp but
Telnet enabled on it. I can't see how they would have accessed the root
shell. We continuously change our passwords on a rolling week basis and to
be honest rarely telnet to the box anyway.
I have applied all patches from Cobalt to this box and yet the hack
was established. One of the signature files was an erase of the
/var/log........ Message, secure and some other log files.
Also it took us some time to trace the attack as it was being initiated
from our box out as DDOS attacks are this type.
Apart from the log files, are there any other hidden logs I can view to see
what has taken place???
Is my only recourse a Recovery CD? What else can I do to track the
SH#$@#@$#@$@$@#$ head who did this...
Regards KEN
____________________________________________________________________
Kenedi Celik Email: Kcelik@xxxxxxxxxxxxxx
Mob: +614 12 980 980