
Re: [cobalt-security] are these worm files?



I have reinstalled the complete OS so nothing of t0rn should remain.

Jason Frisch

----- Original Message -----
From: "Gossi The Dog" <gossi@xxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Monday, March 26, 2001 10:51 AM
Subject: Re: [cobalt-security] are these worm files?


>
>
> On Mon, 26 Mar 2001, Tsukaeru.net wrote:
>
> > Which patch is the appropriate patch...? I have all the latest RAQ4 patches
> > and installed portsentry. Should this cover it?
>
> It depends on how bleh-bleh person got into the system as to which patches
> you need to apply.  If you applied one of the earlier bind .pkg's you may
> need to restart the named service for it to take effect.
>
> I'd personally recommend making sure proftpd, sendmail, named and SSH are
> up to date.  If you can get away with it, disabling the web administrator
> interface might also be a good idea.
>
> Anyway, if you have t0rn or similar running, chances are there are
> rootshells all over the box that need cleaning.
>
> Anyway, 3am in the UK so I'm off to bed.
> Gossi.
>