[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] Re: [cobalt-users] ssh on port 44658???

Subject: RE: [cobalt-security] Re: [cobalt-users] ssh on port 44658???
From: "Drage, Nicholas" <nickd@xxxxxxxxx>
Date: Wed, 18 Apr 2001 12:02:52 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> -----Original Message-----
> From: Eke Brdnnstrvm [mailto:ake@xxxxxxxxxxx]
> Sent: 18 April 2001 11:21
> To: cobalt-security@xxxxxxxxxxxxxxx

> There's a small risk that you have the 't0rnkit' rootkit 
> installetd on your RaQ4. You can read more about this at CERT:

<snip>

s:/small/HUGE

Please see the first hit off: http://www.google.com/search?q=nscd+ssh

Namely:
http://www.mail-archive.com/cobalt-users@xxxxxxxxxxxxxxx/msg09076.html

Note the line:
"You will probably also find the fake SSH running as nscd (/usr/sbin/nscd or
similar)."

Your host has definitely been compromised.

( with thanks to a colleague for pointing those links out to me )

-- 
Nick Drage - Security Architecture - Demon Internet - Thus PLC
As of Wed 18/04/2001 at  9:00 
This computer has been up for 17 days, 1 hour, 37 minutes, 32 seconds.

Follow-Ups:
- RE: [cobalt-security] Re: [cobalt-users] ssh on port 44658???
  - From: Åke Brännström

Prev by Date: RE: [cobalt-security] Re: [cobalt-users] ssh on port 44658???
Next by Date: RE: [cobalt-security] Re: [cobalt-users] ssh on port 44658???
Previous by thread: RE: [cobalt-security] Re: [cobalt-users] ssh on port 44658???
Next by thread: RE: [cobalt-security] Re: [cobalt-users] ssh on port 44658???

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index