what to do when you've been rooted

E Frank Ball frankb at efball.com
Sun Jan 21 11:45:19 PST 2001

} begin Devin Carraway quotation:
} > There are some trust issues in /home also, if you made
} > executables for yourself in there, but they're less common targets.
} Not just executables.  Dotfiles, too.  E.g., some of the more
} enterprising bad guys leave ~/.rhosts files behind as an additional 
} backdoor way of getting back in.

If this is on the internet they also shouldn't have rlogin access open
to the outside.  Goto /etc/inet.d and comment out login, exec, shell,
ftp, telnet, finger, and everything else you do not *NEED*.  Then block
most of what you left running with a firewall so it cannot be accessed
from outside.

   E Frank Ball                efball at efball.com

More information about the talk mailing list