[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] root kitted :(

Subject: [cobalt-security] root kitted :(
From: Mike Jeffers <mjeffers@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 30 Nov 2001 22:41:52 -0600 (CST)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

I have reason to believe that I am a victim of a root kit and have false
copies of the following binaries:

w
ps
ls

I have since thrown up a few ipchains rules as a temporary stop gap, but
would like to further investigate the perpetrator's kit before I format
and restore. Without having good copies of these files, finding where
on my file system he dropped off his kit is like looking for a needle
in a hay stack.

I'm looking to get known good copies of these binaries, could anyone lend
a hand and get me good copies? (I'm on a RaQ4, BTW)

Many thanks in advance,

-Mike

Follow-Ups:
- Re: [cobalt-security] root kitted :(
  - From: Taco Scargo

Prev by Date: Re: [cobalt-security] neomail on RAQ02
Next by Date: [cobalt-security] IDS and established TCP/UDP sessions
Previous by thread: [cobalt-security] New SSH packages on http://pkg.cobalt.com
Next by thread: Re: [cobalt-security] root kitted :(

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index