By xL
Fri Aug 8th, 2003 at 11:10:28 PM EST
Last month, a crazed call from a customer I was about to reel in with a hosting deal gave me another glance into the woeful state of internet security. A debian machine, acting as a proxy for some of his most important customer websites, had gone haywire. It refused to deliver mail and there was trouble getting in through ftp. A quick look over SSH confirmed a nasty suspicion: The machine had been compromised and run over by a rootkit. Although the break-in and installation of the rootkit had been done clumsily, the potential of deception that the software had, were it installed by an able person instead of a script kiddy, was chilling.