RE: [cobalt-security] Re: [cobalt-users] ssh on port 44658???
- Subject: RE: [cobalt-security] Re: [cobalt-users] ssh on port 44658???
- From: "Drage, Nicholas" <nickd@xxxxxxxxx>
- Date: Wed, 18 Apr 2001 12:02:52 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> -----Original Message-----
> From: Eke Brdnnstrvm [mailto:ake@xxxxxxxxxxx]
> Sent: 18 April 2001 11:21
> To: cobalt-security@xxxxxxxxxxxxxxx
> There's a small risk that you have the 't0rnkit' rootkit
> installed on your RaQ4. You can read more about this at CERT:
<snip>
s:/small/HUGE
Please see the first hit off: http://www.google.com/search?q=nscd+ssh
Namely:
http://www.mail-archive.com/cobalt-users@xxxxxxxxxxxxxxx/msg09076.html
Note the line:
"You will probably also find the fake SSH running as nscd (/usr/sbin/nscd or
similar)."
Your host has definitely been compromised.
( with thanks to a colleague for pointing those links out to me )
--
Nick Drage - Security Architecture - Demon Internet - Thus PLC
As of Wed 18/04/2001 at 9:00
This computer has been up for 17 days, 1 hour, 37 minutes, 32 seconds.
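
Added example, not part of the original message or thread: a triage check for the indicator quoted above, a listener on an odd TCP port owned by a process calling itself nscd. The sample netstat output is constructed, the function and constant names are hypothetical, and the script assumes the output was collected with a trusted netstat binary and that the genuine nscd serves local clients over a Unix socket only.

```python
import re

# Constructed sample of `netstat -tlnp` output; not taken from the affected host.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      412/sshd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      530/httpd
tcp        0      0 0.0.0.0:44658           0.0.0.0:*               LISTEN      1093/nscd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -
"""

# Assumption: the real nscd answers local clients over a Unix socket,
# so a TCP listener carrying its name is out of place.
LOCAL_ONLY_DAEMONS = {"nscd"}
# Port taken from the thread subject.
REPORTED_PORTS = {44658}

# Matches listening TCP rows: local address, port, and the PID/Program column.
LINE = re.compile(r"^tcp6?\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+LISTEN\s+(\S+)")

def suspicious_listeners(netstat_text):
    """Return (port, program, reasons) for each listener worth a closer look."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header line or a non-listening socket
        port, owner = int(m.group(2)), m.group(3)
        _pid, _, prog = owner.partition("/")
        reasons = []
        if prog in LOCAL_ONLY_DAEMONS:
            reasons.append("%s owns a TCP listener" % prog)
        if port in REPORTED_PORTS:
            reasons.append("port reported in thread")
        if owner == "-":
            # netstat prints "-" when it cannot see the owning process.
            reasons.append("owner not shown; rerun as root")
        if reasons:
            findings.append((port, prog or None, reasons))
    return findings

if __name__ == "__main__":
    for port, prog, reasons in suspicious_listeners(SAMPLE):
        print(port, prog, "; ".join(reasons))
```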