
June 28, 2007

Anatomy of Hack (Revisited)

It appears that a box that I administer for a friend was compromised. Seems that some script kiddies launched a dictionary attack against the ssh daemon. Yep, I was careless and stupid. Luckily, these crackers only wanted to run an IRC relay. After using a brute force method of gaining root access, they simply installed the script in /root. It seemed odd that running 'ifconfig -a' would yield eth0:1 ... eth0:295. Not good.

I told my friend to shut down the box immediately and pull the hard drive. We later reinstalled the OS (it was previously running unstable/testing sarge). Once Debian Etch was installed, I immediately modified /etc/ssh/sshd_config to _not_ allow root login and to listen on a port other than 22. I also disabled password authentication; now only approved keys can be used to gain access. Problem solved.
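The three sshd_config changes described above can be checked mechanically. The following is an added example, not code from the original post: the function names, the sample configurations and port 2222 are constructed, and a keyword missing from the file is assumed to have its permissive value.

```python
# Added example: checks sshd_config text for the three changes described in the post.
# Missing keywords are treated as the permissive value (an assumption, chosen so
# the audit errs on the side of reporting).

def parse_global(config_text):
    """Return (ports, first_values) for the global section of an sshd_config."""
    ports, first_values = [], {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()          # keywords are case-insensitive
        value = parts[1].split()[0] if len(parts) > 1 else ""
        if keyword == "match":              # per-user/host overrides: out of scope here
            break
        if keyword == "port":               # Port may be given several times
            ports.append(value)
        else:
            first_values.setdefault(keyword, value)   # sshd keeps the first value seen
    return ports or ["22"], first_values


def audit(config_text):
    """Return a list of findings; an empty list means all three changes are in place."""
    ports, first = parse_global(config_text)
    findings = []
    if first.get("permitrootlogin", "yes") != "no":
        findings.append("root login over SSH is not disabled")
    if first.get("passwordauthentication", "yes") != "no":
        findings.append("password authentication is still enabled")
    if "22" in ports:
        findings.append("sshd still listens on port 22")
    return findings


# Constructed sample inputs (not taken from the compromised box).
BEFORE = """\
# constructed example
PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication yes
"""

AFTER = """\
Port 2222
permitrootlogin no
PasswordAuthentication no
"""

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(text) or "ok")
```

The `BEFORE` sample contains `PermitRootLogin` twice: because sshd uses the first value it reads for a keyword, the later `no` has no effect and the finding is still reported.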

Posted by AG at June 28, 2007 5:38 AM