[ale] Linux Firewall

Mark Bedish mark at gwsi.com
Thu Apr 8 12:24:24 EDT 1999


Hi,

First off let me just say that I've learned quite a bit just being on
the list and appreciate the frank discussion. I'm no expert at anything,
just like to dally in different things, but I have a question that I
hope someone out there can give me guidance on.

The company I work for uses a linux box running RedHat 5.0 as our
firewall, gateway to the Internet and to forward email to our internal
mail server. Recently we were hacked by someone using an "eggdrop", or
something of the sort that set up users with root privilege. We were
alerted to the fact that this had happened when our mail service failed
after the intruder changed the IP address in resolv.conf and changed our.
Because of this break-in, we went through and removed all the services
that seemed excessive to our base needs and patched ftpd, because we
believed at the time that that was how they got in: /var/log/messages showed
that the process running anonymous ftp overflowed a stack buffer, and
after that moment the intrusion began.

Well, it appears that we have been hacked again, with someone setting up
users with root privilege. No damage has been done, thankfully, but it is
a little disconcerting. This time there is no clear indication of how
they got in. Should I disable anonymous ftp? Has anyone else experienced
anything like this, or have any suggestions? We are planning an upgrade
to 5.2 soon.

Thanks,
Mark Bedish
GWiz Systems, Inc.
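
As an added example (not part of Mark's post or of any ALE reply), here is a small POSIX shell audit for the three symptoms he describes: extra UID-0 accounts, an ftpd child dying in /var/log/messages, and a rewritten resolv.conf. Each check reads the file to examine on stdin so it can be pointed at the real files on a box. The sample passwd, messages and resolv.conf contents are constructed for illustration; the hostname "gw", the PIDs, the addresses, and the crash wording matched by the ftpd pattern are all assumptions, not taken from the post.

```shell
#!/bin/sh
# Added example, not from the original post: audit for the symptoms Mark
# describes. Each function reads the file to examine on stdin, so on a live
# box you would run, for instance:
#   extra_uid0_accounts < /etc/passwd
#   suspicious_ftpd_lines < /var/log/messages
#   unexpected_nameservers "192.0.2.53" < /etc/resolv.conf
# The sample inputs below are constructed; hostnames, PIDs and addresses are
# made up.

# Accounts with UID 0 other than root. An intruder who "sets up users with
# root privilege" usually adds a second UID-0 line rather than touching root.
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# ftpd log lines that look like the daemon crashing. A stack-overflow attempt
# that does not land cleanly typically kills the child with SIGSEGV; the exact
# wording varies by ftpd version, so this pattern is an assumption to adjust.
suspicious_ftpd_lines() {
    grep -E 'ftpd\[[0-9]+\]' | grep -iE 'overflow|signal 11|segmentation'
}

# Nameserver entries in resolv.conf that are not in the expected list
# (passed as a space-separated first argument).
unexpected_nameservers() {
    expected=" $1 "
    awk '$1 == "nameserver" { print $2 }' | while read -r ns; do
        case "$expected" in
            *" $ns "*) ;;          # known resolver, fine
            *) echo "$ns" ;;       # not on the list: flag it
        esac
    done
}

# --- constructed sample inputs (illustration only) ---
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/false
ftp:x:14:50:FTP User:/home/ftp:/bin/false
mark:x:500:500:Mark:/home/mark:/bin/bash
toor:x:0:0::/tmp/.x:/bin/sh
sysadm:x:0:500::/home/sysadm:/bin/bash'

SAMPLE_MESSAGES='Apr  7 03:10:44 gw ftpd[2114]: ANONYMOUS FTP LOGIN FROM 10.0.0.5 [10.0.0.5], mozilla@
Apr  7 03:11:02 gw ftpd[2114]: exiting on signal 11
Apr  7 03:11:03 gw ftpd[2120]: connection from 10.0.0.5
Apr  7 03:15:00 gw sendmail[2130]: stat=Sent'

SAMPLE_RESOLV='search gwsi.com
nameserver 192.0.2.53
nameserver 198.51.100.9'

EXPECTED_NS='192.0.2.53'

# Run the three checks against the samples and report. Returns 1 if anything
# is flagged, so a cron job can mail the output only when it matters.
run_audit() {
    status=0
    bad=$(printf '%s\n' "$SAMPLE_PASSWD" | extra_uid0_accounts)
    if [ -n "$bad" ]; then
        echo "UID-0 accounts besides root:"; echo "$bad"; status=1
    fi
    bad=$(printf '%s\n' "$SAMPLE_MESSAGES" | suspicious_ftpd_lines)
    if [ -n "$bad" ]; then
        echo "ftpd crash lines:"; echo "$bad"; status=1
    fi
    bad=$(printf '%s\n' "$SAMPLE_RESOLV" | unexpected_nameservers "$EXPECTED_NS")
    if [ -n "$bad" ]; then
        echo "unexpected nameservers:"; echo "$bad"; status=1
    fi
    return $status
}

if run_audit; then
    echo "audit clean"
else
    echo "audit flagged problems"
fi
```

One caveat worth stating: once a box has been rooted, the binaries these checks rely on (awk, grep, ls, ps) may themselves have been replaced, so run the audit with tools from known-good media or compare package checksums (rpm -V on a Red Hat system) before trusting its output.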

More information about the Ale mailing list