[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] root kitted :(
- Subject: [cobalt-security] root kitted :(
- From: Mike Jeffers <mjeffers@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 30 Nov 2001 22:41:52 -0600 (CST)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
I have reason to believe that I am a victim of a root kit and have false
copies of the following binaries:
w
ps
ls
I have since thrown up a few ipchains rules as a temporary stop gap, but
would like to further investigate the perpetrator's kit before I format
and restore. Without having good copies of these files, finding where
on my file system he dropped off his kit is like looking for a needle
in a hay stack.
I'm looking to get known good copies of these binaries, could anyone lend
a hand and get me good copies? (I'm on a RaQ4, BTW)
Many thanks in advance,
-Mike