[TriLUG] /etc/sysconfig/iptables suddenly gone missing?
Brian Henning
bhenning at pineinst.com
Fri Sep 10 13:17:03 EDT 2010
On Fri, Sep 10, 2010 at 12:34, Matt Flyer <matt at noway2.thruhere.net> wrote:
> Also, keep in mind that in Linux ports are not open unless an
> application opens them. Having a firewall in place is a good line of
> defense, but the lack of it won't in and of itself cause a serious
> compromise.
True enough, but the real cause for concern (beyond potentially exploitable services, listening on *:????, now being exposed to the outside world) is the fact that it happened at all. Why? Did someone break in and do it? If so, what else did they do?
Matt then went on (in a later message) to give several very useful suggestions for investigation.
Thanks a lot to everyone who has responded (or will respond)!
Cheers,
~Brian
More information about the TriLUG
mailing list