Re: Looks Like A Cracker Has Been In

[Tobias Diedrich <ranma@example.com>]

Dennis McMurchy wrote:

>   Imagine my shock and horror to discover that an intruder had logged
> into my system.  I know this must sound awfully naive, but I'm rarely
> online for more than a few minutes at a time, so I never thought much
> about the fact that I do run a 'telnet' server (in spite of the known
> security risks).  That particular day, /var/log/messages shows that
> I was actually online for a whole 107 minutes at a stretch!

Running a telnet server is not the actual problem.
The intruder had to create an account ("games") on your machine first
or guess the password of an existing account.
He probably used a buffer overflow or some other vulnerability to enter
and create his account. Disabling the telnet server doesn't help much,
but you should disable all unused services and keep track of security
updates...
Using ipchains or iptables would be a good idea too...

-- 
Tobias
nya~ni ?