
Re: [cobalt-security] [RaQ3i] interesting hack symptoms



On Fri, 3 Nov 2000, Theodore Jones wrote:

> David,
>
> Thanks for the confirm.  I think I'll assume it's probably a false report on
> the bindshell backdoor due to some special cobalt configuration, unless anyone
> can offer up suggestions how to debug a bindshell trojan.  With today's species
> of Loadable Kernel Module exploits, this would probably be the least of my
> worries if I were truly compromised.

Do you have notes of the md5sums of any of your system files?

I'd strongly recommend downloading and installing the Cobalt RPMS for
'shadow' and the netutils.  This will restore things like login and
netstat.

Don't trust anything on your system now, as it might be compromised to hide
stuff :(