[Plug-security] I'm Cracked
Furmanek, Greg
Greg.Furmanek@hit.cendant.com
Tue, 15 Aug 2000 18:22:17 -0400
This only shows how important firewalls are....
The Wolf
-> -----Original Message-----
-> From: G.D.Thurman [mailto:thurmunit@user1.inficad.com]
-> Sent: Tuesday, August 15, 2000 3:12 PM
-> To: plug-security@lists.PLUG.phoenix.az.us
-> Subject: [Plug-security] I'm Cracked
->
->
-> It didn't take long, but my Red Hat 6.2 installation has
-> been cracked. I did a basic install and nothing else.
-> It appears as though somebody did an anonymous 'ftp'
-> and did something that allowed them to create two
-> accounts (scam and x). I cannot find any other files
-> that may have been copied onto the machine. The machine
-> will be re-installed sometime soon, but at this moment
-> the only thing I've done is remove 'ftp' from /etc/passwd,
-> deleted bogus accounts, and changed passwords on the
-> remaining user accounts. I'd like to do checksums
-> to see if programs such as passwd and login have been
-> replaced, but that is for another time.
->
-> Does anybody know how this crack was accomplished?
->
-> Thanks.
->
-> G.D.Thurman [CS/CIS Instructor] Scottsdale Community College
-> phone: 480.423.6110 fax: 480.423.6101 icq: 65265811
-> http://www.inficad.com/~thurmunit/ thurmunit@inficad.com
->
->
-> _______________________________________________
-> Plug-security mailing list - Plug-security@lists.PLUG.phoenix.az.us
-> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-security
->