Re: [cobalt-security] [RaQ3i] interesting hack symptoms
- Subject: Re: [cobalt-security] [RaQ3i] interesting hack symptoms
- From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
- Date: Fri, 3 Nov 2000 13:01:24 +0000 (GMT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Fri, 3 Nov 2000, Theodore Jones wrote:
> David,
>
> Thanks for the confirm. I think I'll assume it's probably a false report on
> the bindshell backdoor due to some special cobalt configuration, unless anyone
> can offer up suggestions how to debug a bindshell trojan. With today's species
> of Loadable Kernel Module exploits, this would probably be the least of my
> worries if I were truly compromised.

Do you have notes of the md5sums of any of your system files?

I'd strongly recommend downloading and installing the Cobalt RPMS for
'shadow' and the netutils. This will restore things like login and
netstat.

Don't trust anything on your system now, as it might be compromised to hide
stuff :(
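
An added example, not part of the original message: one way to check recorded md5sums of system files against a suspect disk that is mounted under another root from a trusted environment, so that none of the suspect system's own tools are involved. The baseline is assumed to be in `md5sum` output format; the file paths and contents in `demo()` are constructed sample data.

```python
import hashlib
import os
import tempfile

def md5_of(path, chunk=65536):
    """Return the hex MD5 of a file, read in chunks."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_baseline(text):
    """Parse md5sum-format lines ('<hex>  <path>') into {path: hex}."""
    baseline = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, path = line.partition(" ")
        baseline[path.lstrip(" *")] = digest.lower()
    return baseline

def verify(baseline, root="/"):
    """Compare files under root with the baseline; return {path: status}."""
    report = {}
    for path, expected in sorted(baseline.items()):
        target = os.path.join(root, path.lstrip("/"))
        if not os.path.isfile(target):
            report[path] = "MISSING"
        elif md5_of(target) != expected:
            report[path] = "MODIFIED"
        else:
            report[path] = "OK"
    return report

def demo():
    """Constructed sample: a fake root where 'netstat' changed after the baseline."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        lines = []
        for name in ("login", "netstat"):
            with open(os.path.join(root, "bin", name), "wb") as f:
                f.write(b"original " + name.encode())
            lines.append(md5_of(os.path.join(root, "bin", name)) + "  /bin/" + name)
        lines.append("0" * 32 + "  /bin/ps")  # in the baseline, absent on disk
        with open(os.path.join(root, "bin", "netstat"), "wb") as f:
            f.write(b"replaced binary")  # simulate a swapped system binary
        return verify(parse_baseline("\n".join(lines)), root)
```

A matching hash only means the file equals what was recorded, so the baseline itself has to have been taken before the suspected compromise and stored off the machine.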