
RE: [cobalt-security] Re: [cobalt-users] ssh on port 44658???



> > There's a small risk that you have the 't0rnkit' rootkit 
> > installed on your RaQ4. You can read more about this at CERT:

> s:/small/HUGE
> 
> Please see [..]
> http://www.mail-archive.com/cobalt-users@xxxxxxxxxxxxxxx/msg09076.html
> 
> Note the line:
> "You will probably also find the fake SSH running as nscd (/usr/sbin/nscd or
> similar)."
> 
> Your host has definitely been compromised.

The post says that IF you have the t0rn rootkit on your computer, you will
PROBABLY find ssh running as nscd. But if you find ssh running as nscd, how
high is the risk that you have the t0rn rootkit? The post doesn't say! 

It may be as you say, that the risk is HUGE, but you have presented no evidence
to support this claim. It is certainly true though, that the host has most
likely been compromised. 

My apologies to those who think that this is a minor matter. 

Sincerely, 
Ake Brannstrom