[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] Another Raq3 Hack
- Subject: RE: [cobalt-security] Another Raq3 Hack
- From: "David Conorozzo" <davidc@xxxxxxxxxxxxxxxxx>
- Date: Thu, 15 Feb 2001 09:43:18 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
I had 2 hacks... they both had that. On one box that pid was dead, on the other it was active. One box was a 4r and the other a 3i. They were both completely different hacks.
David Conorozzo
PC Assistance, Inc.
>>> "Tony" <isplists@xxxxxxxxxxxx> 02/15/01 02:18AM >>>
++Raq3 with all Patches:
+
+Ran Chkrootkit and got
+
+Checking `netstat'... INFECTED
+
+in.smb was enabled in inetd.conf
+
+Both init and in.smb in /usr/sbin had the same time stamp.
+
+Is it possible to plug this up without flattening the box?
Also found this on this Raq and not on any others:
/root/.la.pid
Anyone have any idea which process la is?
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security