[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] I've been hacked -- now what do I do?

Subject: Re: [cobalt-security] I've been hacked -- now what do I do?
From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
Date: Mon, 6 Nov 2000 21:04:56 +0000 (GMT)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Mon, 6 Nov 2000, Chris Maxwell, WDSL Inc. wrote:

> Hello Steve,
>
> Why don't you just go into the /etc/rc#.d directories, and run
>
> grep nothing * |more

It might be started elsewhere though, remember.

Probably worth doing locate nothing, finding the binary, running "strings"
on it and generally seeing if it looks sus.

All the Cobalt RPMS are available from ftp.cobaltnet.com (which is running
exploitable proftpd I might mention, as is ftp.cobalt.com, and the rest of
the Cobalt network), if you want to reinstall the key system compontents.
You'll need to reapply the OS3 update and security updates afterwords,
however.

References:
- Re: [cobalt-security] I've been hacked -- now what do I do?
  - From: Chris Maxwell, WDSL Inc.

Prev by Date: Re: [cobalt-security] I've been hacked -- now what do I do?
Next by Date: Re: [cobalt-security] I've been hacked -- now what do I do?
Previous by thread: Re: [cobalt-security] I've been hacked -- now what do I do?
Next by thread: RE: [cobalt-security] I've been hacked -- now what do I do?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index