Anatomy of Hack (Revisited)

It appears that a box that I administer for a friend was compromised. It seems that some script kiddies launched a dictionary attack against the ssh daemon. Yep, I was careless and stupid. Luckily, these crackers only wanted to run an IRC relay. After using a brute-force method of gaining root access, they simply installed the script in /root. It seemed odd that running 'ifconfig -a' would yield eth0:1 ... eth0:295. Not good.

I told my friend to shut down the box immediately and pull the hard drive. We later reinstalled the OS (it was previously running unstable/testing sarge). Once Debian Etch was installed, I immediately modified /etc/ssh/sshd_config to _not_ allow root login and to listen on a port other than 22. I also disabled password authentication; now only approved keys can be used to gain access. Problem solved.
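The sshd_config changes described above, written out as an added example (this is not the post's own configuration or commands): a small POSIX sh script that applies the three directives to a copy of the file and then verifies them, so it can be dry-run offline before touching a real host. The function names, the port 2222 and the sample config are assumptions made for the example; the sample mimics the layout of a stock Debian sshd_config but is constructed, not copied from any machine. It also turns off ChallengeResponseAuthentication, because on a Debian box with UsePAM yes, PAM keyboard-interactive logins still accept passwords after PasswordAuthentication is set to no, which would leave the dictionary attack described above working.

```shell
#!/bin/sh
# Added example, not from the original post. Hypothetical helper names.
# Requires only sh, awk, mktemp. Run it on a copy of /etc/ssh/sshd_config.

# set_directive FILE KEY VALUE
# Rewrite the first live "KEY ..." line (or a stock "#KEY value" placeholder)
# to "KEY VALUE", drop later duplicates, and append the line if KEY is absent.
# Appending goes to the end of the file, which is fine for a flat config.
set_directive() {
    file=$1; key=$2; value=$3
    awk -v key="$key" -v value="$value" '
        {
            line = $0; sub(/^[ \t]*#?[ \t]*/, "", line)   # drop indent and a leading "#"
            n = split(line, f)
            commented = ($0 ~ /^[ \t]*#/)
            # A live directive matches by keyword; a commented line only in the
            # two-token "#Key value" form Debian ships as a disabled default.
            if (n >= 1 && tolower(f[1]) == tolower(key) && (!commented || n == 2)) {
                if (!done) { print key " " value; done = 1 }  # rewrite first hit in place
                next                                          # swallow duplicates
            }
            print
        }
        END { if (!done) print key " " value }                # absent: append
    ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# get_directive FILE KEY: value of the first uncommented KEY line (sshd uses the first).
get_directive() {
    awk -v key="$2" '$1 !~ /^#/ && tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# harden_sshd FILE [PORT]: the post's three changes plus the PAM caveat.
harden_sshd() {
    set_directive "$1" PermitRootLogin no
    set_directive "$1" PasswordAuthentication no
    # With UsePAM yes, keyboard-interactive would still prompt for a password.
    set_directive "$1" ChallengeResponseAuthentication no
    set_directive "$1" PubkeyAuthentication yes
    set_directive "$1" Port "${2:-2222}"   # assumed non-default port
}

# check_sshd_config FILE: 0 if root login and password logins are off and the
# daemon is not on 22, 1 otherwise. Use it as a regression check after edits.
check_sshd_config() {
    [ "$(get_directive "$1" PermitRootLogin)" = no ] || return 1
    [ "$(get_directive "$1" PasswordAuthentication)" = no ] || return 1
    [ "$(get_directive "$1" ChallengeResponseAuthentication)" = no ] || return 1
    port=$(get_directive "$1" Port)
    [ -n "$port" ] && [ "$port" != 22 ] || return 1
    return 0
}

# write_sample_config FILE: constructed stand-in for a freshly installed
# Debian sshd_config (weak defaults, one directive commented out).
write_sample_config() {
    printf '%s\n' \
        '# Constructed sample in the style of a stock Debian sshd_config' \
        'Port 22' \
        'Protocol 2' \
        'PermitRootLogin yes' \
        '#PasswordAuthentication yes' \
        'ChallengeResponseAuthentication yes' \
        'UsePAM yes' \
        'Subsystem sftp /usr/lib/openssh/sftp-server' > "$1"
}

# Stand-alone demo on a temporary file; on a real host point it at a copy of
# /etc/ssh/sshd_config instead.
demo=$(mktemp)
write_sample_config "$demo"
check_sshd_config "$demo" && echo "before: hardened" || echo "before: weak"
harden_sshd "$demo" 2222
check_sshd_config "$demo" && echo "after: hardened" || echo "after: weak"
rm -f "$demo"
```

Before installing the edited copy, validate it with `sshd -t -f /path/to/copy`, and keep the existing login session open while restarting sshd so a typo in the new config (or a key that was never actually installed in ~/.ssh/authorized_keys) does not lock you out.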


    About this Entry

    This page contains a single entry by AG published on June 28, 2007 5:38 AM.
