[oclug] knark attack

Tom Goulet tomg at nova.yi.org
Fri Jan 12 22:45:01 EST 2001


>system has been cracked by something called knark.

Yuck.  Unfortunately, many distributions treat security casually or
worse.  Fortunately, it can always be manually corrected.

>It all began (I think) with a connection on an illegal port. This was

Probably one or three of your running daemons was root exploited.

>I immediately brought the system to a non-networked state and now I am
>asking you guys: How do I secure my system???

Leave network cable unplugged.

Wipe filesystem.

Install from scratch.

After install, run lsof -i (as root) to see what ports are open.

Either remove the packages they belong to, or disable the services.  For
details on how to do this, send another query to the list and we'll be
glad to help.  :)

Once lsof -i (run as root) shows nothing, plug your network cable back
in.

Your system is now externally secure.

If you need to have one or two daemons listening, we can also tell you
how to secure those particular services.

Hope that's helpful.

TomG
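
Added example, not part of the original post: a small filter for the `lsof -i` check described above. It goes beyond the post's "shows nothing" test by separating sockets that accept traffic from outbound connections, and loopback-only listeners from externally reachable ones. The function names and the sample output are constructed for illustration; it assumes the usual `lsof -i -n -P` column layout.

```shell
#!/bin/sh
# Added example: list sockets that accept traffic, from `lsof -i -n -P`
# (-n: no host name lookups, -P: numeric ports).

# Constructed sample output, not taken from a real host.
sample_lsof() {
cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
inetd     420 root    4u  IPv4   1100      0t0  TCP *:21 (LISTEN)
inetd     420 root    5u  IPv4   1101      0t0  TCP *:23 (LISTEN)
portmap   350 rpc     3u  IPv4    900      0t0  UDP *:111
sendmail  500 root    4u  IPv4   1300      0t0  TCP 127.0.0.1:25 (LISTEN)
ssh      2000 tom     3u  IPv4   5000      0t0  TCP 192.168.1.5:1045->192.168.1.1:22 (ESTABLISHED)
EOF
}

# Reads lsof output on stdin; prints "scope proto port command" for each
# TCP socket in LISTEN state and each UDP socket with no remote peer.
# Fields are taken from the end of the line so odd widths do not matter.
listeners() {
    awk '{
        if ($NF == "(LISTEN)") { proto = $(NF-2); name = $(NF-1) }
        else if ($(NF-1) == "UDP" && $NF !~ /->/) { proto = "UDP"; name = $NF }
        else next                      # header, outbound or established
        port = name; sub(/.*:/, "", port)
        addr = name; sub(/:[^:]*$/, "", addr)
        scope = (addr == "127.0.0.1" || addr == "[::1]") ? "local" : "exposed"
        print scope, proto, port, $1
    }' | sort -u
}

# Number of listeners reachable from other hosts; the goal is 0 before
# the network cable goes back in.
exposed_count() {
    listeners | awk '$1 == "exposed"' | wc -l | tr -d ' '
}

# Demo on the constructed sample. On a real host, run as root:
#   lsof -i -n -P | listeners
sample_lsof | listeners
```

Each "exposed" line names the daemon whose package should be removed or whose service should be disabled before reconnecting.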