Re: Email (Major Problem) =>

CodeHeads wrote:
> If I completely redid "both" machines how can I have a root kit???

*Exactly* the same way you had one before. You had a vulnerability
before, through which an attacker broke in and installed a root kit. If
you then installed the same software from scratch, obviously you will
have reinstalled the vulnerability. The attacker can then use exactly
the same exploit to get in.

As for "how it happened" so quickly, remember that the attacker knows
that there has been a history of vulnerable computers at that IP
address [1] -- so it's worth trying the same tricks (and related tricks)
again.

It wouldn't be that difficult to write a "control program" that checked
to see which computers it "0wnz", and which of them are on-line. If a
computer goes off-line, it could keep an eye on that IP address or DNS
name (and possibly nearby ones) to see if a "cleaned" computer came back
on-line -- in which case, it would want to re-install the rootkit before
the legitimate administrator could install a fix.

You *really* need to rethink your software. yum update won't help for
this -- you will need to change to a more secure package, if there
aren't any fixed versions.

James.

[1] If I remember right, we think the vulnerability was in a web
server-side script. That sort of implies a website, DNS resolution, and
probably fixed IP addresses.

-- 
E-mail address: james | Examiner: How does an AC motor start?
@westexe.demon.co.uk  | Student: vrrrrrrrrrrRrRRRRRRR...
                      | Examiner: Stop! Stop!
                      | Student: RRRRRRRmmmmm.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
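A defender-side check for the point James makes above about reinstalling the same vulnerable software, added here as an example and not part of the original message: before a rebuilt host goes back on-line, compare the packages in its install manifest against the versions known to carry the fix, using a simplified Python port of rpm's version-compare rules (no epoch, tilde or caret handling). The package names and versions below are constructed placeholders, not values from the thread.

```python
import re

# Split a version string into alternating numeric / alphabetic segments,
# the way rpm's rpmvercmp() does ("4.3p2" -> ["4", "3", "p", "2"]).
_SEG = re.compile(r"(\d+|[a-zA-Z]+)")


def rpmvercmp(a: str, b: str) -> int:
    """Simplified rpmvercmp: numbers compare as integers, letters as strings,
    a numeric segment is newer than an alphabetic one, and the string with
    segments left over is newer.  Returns -1, 0 or 1 (a < b, a == b, a > b)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif xd != yd:
            return 1 if xd else -1
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def evr_cmp(installed: str, fixed: str) -> int:
    """Compare 'version-release' strings: version first, then release."""
    iv, _, ir = installed.partition("-")
    fv, _, fr = fixed.partition("-")
    return rpmvercmp(iv, fv) or rpmvercmp(ir, fr)


def still_vulnerable(manifest: dict, fixed_in: dict) -> list:
    """Names of packages in the rebuild manifest that are older than the
    version-release known to carry the fix.  Anything listed here means the
    rebuild has reinstalled the hole and the host is not ready to go on-line."""
    return sorted(name for name, fixed in fixed_in.items()
                  if name in manifest and evr_cmp(manifest[name], fixed) < 0)


# Constructed sample data: what the rebuild image installs ...
MANIFEST = {"webapp-cgi": "1.2.0-3", "httpd": "2.0.52-1", "openssh": "4.3p2-10"}
# ... and the versions (hypothetical) in which the known holes were fixed.
FIXED_IN = {"webapp-cgi": "1.2.1-1", "httpd": "2.0.52-1"}

if __name__ == "__main__":
    bad = still_vulnerable(MANIFEST, FIXED_IN)
    print("Still vulnerable after rebuild:", bad or "none")
```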