RE: [cobalt-security] HACK on RAQ3i
- Subject: RE: [cobalt-security] HACK on RAQ3i
- From: "Sean Chester" <seanc@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 5 Mar 2001 11:49:36 -0000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
-----Original Message-----
Subject: [cobalt-security] HACK on RAQ3i
>we have just traced a hack into our primary NS; it's a Trin00 daemon for
>DDoS attacks.
>The funny thing is that this box has no Virtual sites and no ftp but
>Telnet enabled on it. I can't see how they would have accessed the root
>shell.
the h4ck3r doesn't need a telnet or ftp service to r00t you.
they simply run an exploit on one of your services (probably proftpd or
bind) and they're dropped straight into a rootshell (in most cases).
most of the time they just run a script that does it all for them,
hence the name 'scr1pt k1dd13z'