[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] owned by 187?

Subject: RE: [cobalt-security] owned by 187?
From: "Sean Chester" <seanc@xxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 6 Jun 2001 17:08:39 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

>-----Original Message-----
>Subject: [cobalt-security] owned by 187?

>The real bummer here is that I set up a bulk email CGI utility and the
idiot
>hacker used it to send messages to everyone saying, "Owned by 187" Anyone
>ever hear of that before?

I would say its from a group calling themselves '187'.
When a hacker manages to hack you, its called beeing 'Owned'.
The hacker is letting you know he 'Owns' you.
That would suggest to me that he hasnt actually done anything malicuous on
the box,
because he's telling you he got r00t.
Whereas other hackers would use what they can to hide themselfs (rootkit
normally).

>I'd love to know of a program that will record keystrokes of logged in
users.

there are loads out there, most of them are refered to as Sniffers'.


>My baseline checker reports no more modified files, and I've portscanned
all
>IPs on the raq, so it looks like the box is clean, which of course
surprises
>me.

I would run chkrootkit, simular such programs to double-double check.
check your inetd for rootshells, and it should tell you what files have been
tampered with (lastlog).

Hope everything is ok.
Sean

References:
- [cobalt-security] owned by 187?
  - From: Kevin D

Prev by Date: Re: [cobalt-security] owned by 187?
Next by Date: Re: [cobalt-security] etc/named !!!!!!!!!!!!!
Previous by thread: Re: [cobalt-security] owned by 187?
Next by thread: [cobalt-security] LAN/Internet Security questions

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index