[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] HACK on RAQ3i

Subject: [cobalt-security] HACK on RAQ3i
From: kcelik@xxxxxxxxxxxxxx
Date: Sat, 3 Mar 2001 17:53:28 +1100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi,

we have just traced a hack into our primary NS  its a  Trin00 Deamon for 
DDOS attacks.

The funny thing is that  this box has no Virtual sites and no ftp but 
Telnet enabled on it. I can't  see how they would have accessed the root 
shell. We continously change our paswwords on a rolling week basis and to 
be honest rarely telnet to the box anyway.

I have had applied all patches from cobalt to this box and yet the hack 
was established. One of the signature files was an erase of the 
/var/log........ Message, secure and some other log files.

Also it took us sometime to trace the attack as it was being initiated 
from our box out as DDOS attacks are this type.

Appart from the log files are ther any other hidden logs I can view to see 
what has take place??? 

Is my only recourse a Recovery CD. What else can I do track the 
SH#$@#@$#@$@$@#$ head who did this...



Regards  KEN

____________________________________________________________________
Kenedi Celik Email:  Kcelik@xxxxxxxxxxxxxx
Mob:   +614 12 980 980

Follow-Ups:
- RE: [cobalt-security] HACK on RAQ3i
  - From: Mr. M
- RE: [cobalt-security] HACK on RAQ3i
  - From: malcolm wild
- RE: [cobalt-security] HACK on RAQ3i
  - From: Sean Chester

Prev by Date: Re: [cobalt-security] RE: SSH 2.5.1 pkg file DONE!!!
Next by Date: RE: [cobalt-security] HACK on RAQ3i
Previous by thread: Re: [cobalt-security] IMAPd on Cobalts
Next by thread: RE: [cobalt-security] HACK on RAQ3i

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index