[TriLUG] I've got intruders!!
Neil L. Little
nllittle at vnet.net
Mon May 15 21:02:24 EDT 2006
I recently discovered that the web server I have been working on has
been compromised and is relaying spam. Because it was a test server
there is nothing really important lost but it does kinda tick me off.
Of course I have taken it off the network but now I need to see how
"they" got in, what was done, and what I did wrong.
I'm thinking a hole in my firewall. Also, rootkit. Then what they did to
Sendmail (that's a little further down on the list and unimportant right
I remember that I had a problem testing my firewall because TWC has one
up on their cable modem and it led me astray for a while thinking I
had the telnet port open.
Can anyone suggest some reading material on the subject at hand?
My initial search came up with:
Real World Linux Security: Intrusion Prevention, Detection and Recovery
by Bob Toxen
Linux Server Security by Michael D. Bauer.
Is there a definitive (or just useful) book out there for someone just
discovering that he crapped out in the security turkey shoot?
Thanks in advance for the help!
Neil Little, WA4AZL
JARS Forever!! ..er TRILUG too!!
Spammers = 1, Home team = 0