"Over the last two weeks, I've discussed how to prevent
crackers from gaining access to your Linux computer (see 10 minutes
to an iptables-based Linux firewall and How to stop crackers with
PortSentry). This week, we continue the series with ways you can
tell if someone has cracked your machine.
Script kiddies are the worst kind of crackers, primarily because
there are so many of them and most of them are unskilled. It is one
thing to be cracked when you have put in all the correct patches,
have a tested firewall, and run advanced intrusion detection
actively on multiple levels. It is another when you are cracked
because you were lazy and didn't, for example, install the latest
patch to BIND.
It's embarrassing to be cracked because you weren't paying
attention. It's aggravating to realize that some script kiddie
downloaded one of many well-known "root kits" or publicly available
exploits, and is having a party with your CPU, storage, data, and
bandwidth. How do these villains get started? With "warez," which
often consists of a root kit."