
Re: [cobalt-security] root kitted :(



Get the RPMs and install them with rpm -U --force from
ftp.cobaltnet.com/pub/products/raq4/RPMS
See which RPM you need with rpm -qif /path/to/file

With regards,

Taco Scargo
Professional Services Manager, EMEA

Sun Microsystems
Sun Cobalt Server Appliances
----- Original Message -----
From: "Mike Jeffers" <mjeffers@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Saturday, December 01, 2001 5:41
Subject: [cobalt-security] root kitted :(


> I have reason to believe that I am a victim of a rootkit and have false
> copies of the following binaries:
>
> w
> ps
> ls
>
> I have since thrown up a few ipchains rules as a temporary stopgap, but
> would like to further investigate the perpetrator's kit before I format
> and restore. Without having good copies of these files, finding where
> on my file system he dropped off his kit is like looking for a needle
> in a haystack.
>
> I'm looking to get known good copies of these binaries, could anyone lend
> a hand and get me good copies? (I'm on a RaQ4, BTW)
>
> Many thanks in advance,
>
> -Mike
>
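Added example, not part of either message: a small sh helper that triages the output of rpm's verify mode (`rpm -V`, or `rpm -Vf` for the package owning a file) to show which installed files no longer match the package database, which is the check that tells you which RPMs need reinstalling. The function names and the sample lines are constructed for illustration; on a host that may be compromised, the local rpm binary and its database are untrusted too, so treat the result as a lead to follow up from known-good media.

```shell
#!/bin/sh
# Triage rpm verify output: list files whose size or digest differs from
# what the package database recorded, and files that are missing.
# Verify lines look like "S.5....T   /bin/ps"; an attribute marker such
# as "c" (config file) may sit between the flags and the path.

flag_modified() {
    # Reads rpm -V style lines on stdin.
    # Paths containing spaces are not handled by this simple parser.
    while read -r flags rest; do
        [ -n "$flags" ] || continue
        path=${rest##* }          # last word on the line is the path
        case "$flags" in
            missing) echo "MISSING $path" ;;
            *5*|S*)  echo "CHANGED $path" ;;   # digest (5) or size (S) differs
        esac                      # time-only or mode-only changes are ignored
    done
}

verify_owner() {
    # Verify the package that owns the given file (needs rpm on the host).
    rpm -Vf "$1" | flag_modified
}

# Constructed sample output, embedded so the example runs without rpm.
SAMPLE='S.5....T   /bin/ps
S.5....T   /bin/ls
.......T   /usr/bin/w
S.5....T c /etc/inetd.conf
missing    /bin/netstat'

printf '%s\n' "$SAMPLE" | flag_modified
```

A changed config file such as the `c` line is often a legitimate edit; changed binaries are the entries to compare against the vendor packages.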