Re: some attack to fedora machine .




On Fri, 2008-04-11 at 13:18 +0300, Antti J. Huhtala wrote:
On Thu, 2008-04-10 at 21:50 -0400, max wrote:
Edwin Tan wrote:
hi Subhodip,
Please check below link for antivirus program download for linux.

http://www.avast.com/eng/download-avast-for-linux-edition.html

thanks.


Running virus scans is a waste of time. If you believe it's compromised,
wipe the drive and flash the BIOS. I don't mean just format and install
either. Write zeros (maybe more than once) to the hard drive. Make sure
the MBR does not survive. Do not back up anything! If you have something
that you absolutely cannot do without, I don't mean MP3s either, then
back that up to a CD and label it clearly and scan only that, more than
once with multiple antivirus scanners, rootkit scanners, use Windows and
Linux antivirus scanners and rootkit hunters. If these are something for
which you have a checksum then make sure that it matches the original no
matter what or shred it. Yes, I mean physically shred or otherwise
destroy the CD. If the files fail a single test, consider them
tainted and destroy them. Flash the BIOS because there are viruses that
will compromise the BIOS, these will be cross platform, they will affect
any machine with any OS. Make sure that any external drives that have
ever come into contact with the infected machine get the same treatment.
Wipe it completely clean!

Max

A spot of overkill, perhaps?

In my modest experience my Linux box has been compromised three (3)
times that I know of. The first was an RH 6.2 box, and my present box
has been invaded twice, first during the FC6 era and then soon after my
F8 installation last December.
Each and every time the invader came in through ssh. Against my better
judgement in installing F8 I allowed ssh to remain a "secure service" as
suggested by the F8 installer. Well, it proved not to be.

There seem to be some "sportsmen" out there who just can't resist the
temptation of an open ssh port. Now, if I plan to use ssh to connect to
my box from a remote location, I'm going to have iptables rules to allow
ssh only from known addresses. Not very flexible, perhaps, but I don't
want to allow these sportsmen in again.

In each case, just wiping the installation clean and reinstalling with
ssh port closed seems to have done the trick.

My 2 c.

I'm not sure anyone's pointed this out as yet (not from what I've read
though), but the very fact there's a window$ box on the network is a
risk in itself. Window$ may be Window$, and *nix *nix, but because
window$ is not as secure it is possible to use this to gain a foothold
and attack the *nix machine from the relative comfort of an armchair...

Given the monstrous number of attacks and exploits for M$ products it is
really a risk which can't be ignored. I'd be adjusting all possible
settings NOT to trust the M$ box- only if it can't be removed from the
scene altogether. And that's not just a hate/revenge thing.
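
The iptables restriction mentioned in the quoted message above (ssh allowed only from known addresses), as an added example that is not from any poster in this thread. It assumes IPv4, sshd on port 22 and the INPUT chain; the function names and the sample addresses are illustrative, and the script only prints the rules so they can be reviewed before being applied.

```shell
# Added example: print (not apply) iptables rules admitting SSH only from
# known sources. Names and addresses are illustrative assumptions.
# valid_source ADDR: succeed for dotted-quad IPv4, optional /1 to /32 prefix.
valid_source() {
    case $1 in
        ''|*[!0-9./]*) return 1 ;;      # digits, dots and a slash only
    esac
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in
        ''|???*|*[!0-9]*) return 1 ;;
    esac
    # /0 matches every address and would reopen the port to everyone
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
    case $addr in
        *.) return 1 ;;                 # trailing dot would be lost in the split
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr                        # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            ''|????*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ssh_allowlist_rules ADDR...: validate every source, then print the rule set.
ssh_allowlist_rules() {
    [ $# -gt 0 ] || { echo "no source addresses given" >&2; return 1; }
    for src in "$@"; do
        valid_source "$src" || { echo "rejected source: $src" >&2; return 1; }
    done
    # Keep established sessions, admit new SSH from the allowlist, drop the rest
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for src in "$@"; do
        echo "iptables -A INPUT -p tcp -s $src --dport 22 -m state --state NEW -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport 22 -j DROP"
}

# Constructed sample input (RFC 5737 documentation ranges)
ssh_allowlist_rules 192.0.2.10 198.51.100.0/24
```

Because the rules are appended with `-A`, they only take effect if no earlier rule in INPUT already accepts traffic to port 22.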
