[PLUG] Questions regarding compromised system

Russell Senior russell at personaltelco.net
Fri Jan 19 20:29:49 UTC 2007


FWIW, we recently had a PTP box exploited, apparently using a
vulnerability in Cacti.  At least it got hammered (DoS'd) into
inoperability.  There are some indications that they were never able
to complete their exploit, because the script they wanted to download
at first couldn't get through the captive portal and/or because the
directory they were trying to copy the script to didn't have
compatible write permissions.

However, we rebooted the machine before we really figured out for sure
what they had managed to do.  Because of the uncertainty, we
reinstalled from scratch, which had the downside (or perverse benefit,
though that is hard to see at the moment) of having to re-figure out
how to configure Cacti for what we wanted to do.  We made a copy of
the compromised system first.

For reasons I don't quite understand, despite a bug being filed about
the vulnerability and now subsequently resolved, it never got a
mention on the Debian Security Advisory, even to this day.


-- 
Russell Senior, Secretary
russell at personaltelco.net


