what to do when you've been rooted
Bob Blick
bblick at saber.net
Sat Jan 20 17:27:50 PST 2001
Hi,
I find my computer has been cracked, and a root kit has probably been
installed.
It's running a redhat 6.2 system straigt off the cd. I know the hole was in
wu-ftpd, but I need to know which packages I should reinstall to make sure
I have cleaned out the files typically overwritten by a root kit.
Any links? I remember visiting a great site that was easy to understand and
pretty much just told what packages were likely targets. Unfortunately now
that I need it, I can't find it.
Be warned, everybody, if you have RH 6.2 on a machine, it is a prime
target. The "Ramen Worm" got a lot of press recently and three days ago I
got hit. Right now I took the machine off line until I fix it.
Thanks,
Bob Blick
More information about the talk
mailing list