[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] are these worm files?
- Subject: Re: [cobalt-security] are these worm files?
- From: "Adam Sculthorpe" <sculthorpe@xxxxxxxxxxxxx>
- Date: Mon, 26 Mar 2001 01:17:05 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Someone should write an ethical worm that breaks into the system, secures it then leaves !
Gossi, are you up for it? :)
*********** REPLY SEPARATOR ***********
On 26/03/2001 at 08:41 Tsukaeru.net wrote:
>I hade the same rootpack installed previously. And...finally lost root
>access and had to reinstall the OS. As far as I know this attack is usually
>through DNS..(Bind?) Do you have this running on your server?
>
>Jason Frisch
>
>----- Original Message -----
>From: "Gossi The Dog" <gossi@xxxxxxxxxxxxxx>
>To: <cobalt-security@xxxxxxxxxxxxxxx>
>Sent: Monday, March 26, 2001 7:40 AM
>Subject: Re: [cobalt-security] are these worm files?
>
>
>>
>>
>> On Sat, 24 Mar 2001, Loryan Strant wrote:
>>
>> > Hi,
>> >
>> > I've just run Lionfind on my Cobalt RaQ4, and it says the following are
>> > suspicious files:
>> >
>> > /usr/src/.puta/.1addr /usr/src/.puta/.1file /usr/src/.puta/.1proc
>> > /usr/src/.puta/.1logz /usr/src/.puta/ /usr/src/.puta/ /usr/info/.t0rn/
>> >
>> > I find those a little odd too, so I'm wondering if I can delete this
>whole
>> > directory.
>> > Does anyone have any suggestions?
>> >
>>
>> T0rn rootkit. That box is owned. Either spend a loooot of time
>> reinstalling binaries and cleaning up files, or reinstall the box.
>>
>> Either way, if you just sit on it you are asking for trouble.
>>
>>
>> _______________________________________________
>> cobalt-security mailing list
>> cobalt-security@xxxxxxxxxxxxxxx
>> http://list.cobalt.com/mailman/listinfo/cobalt-security
>>
>
>_______________________________________________
>cobalt-security mailing list
>cobalt-security@xxxxxxxxxxxxxxx
>http://list.cobalt.com/mailman/listinfo/cobalt-security
M