what to do when you've been rooted
E Frank Ball
frankb at efball.com
Sun Jan 21 11:45:19 PST 2001
} begin Devin Carraway quotation:
} > There are some trust issues in /home also, if you made
} > executables for yourself in there, but they're less common targets.
} Not just executables. Dotfiles, too. E.g., some of the more
} enterprising bad guys leave ~/.rhosts files behind as an additional
} backdoor way of getting back in.
If this is on the internet they also shouldn't have rlogin access open
to the outside. Goto /etc/inet.d and comment out login, exec, shell,
ftp, telnet, finger, and everything else you do not *NEED*. Then block
most of what you left running with a firewall so it cannot be accessed
E Frank Ball efball at efball.com
More information about the talk