what to do when you've been rooted

Bob Blick bblick at saber.net
Sat Jan 20 17:27:50 PST 2001


Hi,

I find my computer has been cracked, and a root kit has probably been
installed.

It's running a Red Hat 6.2 system straight off the CD. I know the hole was in
wu-ftpd, but I need to know which packages I should reinstall to make sure
I have cleaned out the files typically overwritten by a root kit.

Any links? I remember visiting a great site that was easy to understand and
pretty much just told what packages were likely targets. Unfortunately now
that I need it, I can't find it.

Be warned, everybody, if you have RH 6.2 on a machine, it is a prime
target. The "Ramen Worm" got a lot of press recently and three days ago I
got hit. Right now I took the machine off line until I fix it.

Thanks,

Bob Blick


