On Sunday 25 May 2003 20:04, Jayson Vantuyl wrote:
> We've had a number of hacked boxen recently. It appears a certain
> person (Romanian we think) is specifically targeting us and our
> customers (looks like he hit a machine and found connections from others
> in their logs, went from there).

I have two boxen running connected to the internet, one is Debian Kernel Image
+ all latest available security fixes for debian, the other one is almost the
same but with 2.4.20-wolk4.1s enabled all grsecurity stuff.
Both machines are connected for a long time now, both on the same ip subnet
The first, debian kernel image machine, was hacked 37 times in 1 year, the
So the way to go is absolutely grsecurity if you want to be very safe even

> The part that bothers me is that all of these systems were updated to
> the newest versions on debian.security.org (if apt-get was doing its
> job) and firewalled down to just the ports we needed (22, 25, 53, 80).

what mailserver do you run on 25? what type of webserver (if so on port 80)
and what nameserver? Bind? ;)

> While I don't like this (OpenSSH is open and it should be that way), has
> anyone else had this kind of experience? Is there some big hack I
> should know about?

No public exploits are known for the most recent OpenSSH version v3.6.1p2,
which does _not_ mean there are no exploits.

> I've checked CERT and the SANS list. Both of them were helpful, but
> most of the answers said "run the newest version of X", which I have
> assumed apt-get fixed (in stable at least). I mean, some versions were
> older, but I had heard most of them had backported fixes. Is this
> happening to anyone else?

yes, with the machine/software packages w/o grsecurity/PaX support.
Personally I don't trust those so called "security updates". I always compile
Don't get me wrong. I don't say that the security updates are not safe. It is