Re: some attack to fedora machine .

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2008-04-11 at 13:18 +0300, Antti J. Huhtala wrote:
> to, 2008-04-10 kello 21:50 -0400, max kirjoitti:
> > Edwin Tan wrote:
> > > hi Subhodip,
> > > Please check below link for antivirus program download for linux.
> > > 
> > > http://www.avast.com/eng/download-avast-for-linux-edition.html
> > > 
> > > thanks.
> > > 
> > 
> > Running virus scans is a waste of time. If you believe its compromised 
> > wipe the drive and flash the bios. I don't mean just format and install 
> > either. Write zeros (maybe more than once) to the harddrive. Make sure 
> > the MBR does not survive. Do not backup anything! if you have something 
> > that you absolutely cannot do with out, I don't mean MP3's either, then 
> > back that up to a cd and label it clearly and scan only that, more than 
> > once with multiple antivirus scanners, rootkit scanners, use windows and 
> > Linux antivirus scanners and rootkit hunters. if these are something for 
> > which you have a checksum then makesure that it matches the original no 
> > matter what or shred it. Yes i mean physically shred or otherwise 
> > destroy the cd. If the the files fail a single test, consider them 
> > tainted and destroy them. Flash the bios because there are viruses that 
> > will compromise the BIOS, these will be cross platform, they will affect 
> > any machine with any OS. Make sure that any external drives that have 
> > ever come into contact with the infected machine get the same treatment. 
> > Wipe it completely clean!
> > 
> > Max
> > 
> A spot of overkill, perhaps?
> 
> In my modest experience my Linux box has been compromised thŕee (3)
> times that I know of. The first was an RH 6.2 box, and my present box
> has been invaded twice, first during the FC6 era and then soon after my
> F8 installation last December.
> Each and every time the invader came in through ssh. Against my better
> judgement in installing F8 I allowed ssh to remain a "secure service" as
> suggested by the F8 installer. Well, it proved not to be.
> 
> There seem to be some "sportsmen" out there who just can't resist the
> temptation of an open ssh port. Now, if I plan to use ssh to connect to
> my box from a remote location, I'm going to have iptables rules to allow
> ssh only from known addresses. Not very flexible, perhaps, but I don't
> want to allow these sportsmen in again.
> 
> In each case, just wiping the installation clean and reinstalling with
> ssh port closed seems to have done the trick.
> 
> My 2 c.

I'm not sure anyone's pointed this out as yet (not from what I've read
though), but the very fact there's a window$ box on the network is a
risk in itself. Window$ maybe Window$, and *nix *nix, but because window
$ is not as secure it is possible to gain use this to gain a foothold
and attack the *nix machine from the relative comfort of an armchair...

Given the monstrous number of attacks and exploits for M$ products it is
really a risk which can't be ignored. I'd be adjusting all possible
settings NOT to trust the M$ box- only if it can't be removed from the
scene altogether. And thats not just a hate/revenge thing.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux