
Re: [cobalt-security] root kitted :(



What you asked for is unchanged programs. By installing the RPMS (again) you
restore the original versions. That's what you wanted, isn't it?

Anyway, if I were you, I'd store my data somewhere safe and restore the box.

Taco
----- Original Message -----
From: "Christopher Lange" <lists@xxxxxxxxxxxxxxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Sunday, December 02, 2001 22:09
Subject: Re: [cobalt-security] root kitted :(


> Taco,
>
> By reinstalling these RPMs from the ftp site, would we need to reinstall
> any packages such as the kernel package that was distributed?
>
> --
> Christopher Lange
>
> ----- Original Message -----
> From: "Taco Scargo" <taco.scargo@xxxxxxx>
> To: <cobalt-security@xxxxxxxxxxxxxxx>
> Sent: Saturday, December 01, 2001 2:18 PM
> Subject: Re: [cobalt-security] root kitted :(
>
>
> Get the rpms and install them with rpm -U --force  from
> ftp.cobaltnet.com/pub/products/raq4/RPMS
> See what rpm you need with rpm -qif /path/to/file
>
> With regards,
>
> Taco Scargo
> Professional Services Manager, EMEA
>
> Sun Microsystems
> Sun Cobalt Server Appliances
> ----- Original Message -----
> From: "Mike Jeffers" <mjeffers@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
> To: <cobalt-security@xxxxxxxxxxxxxxx>
> Sent: Saturday, December 01, 2001 5:41
> Subject: [cobalt-security] root kitted :(
>
>
> > I have reason to believe that I am a victim of a root kit and have false
> > copies of the following binaries:
> >
> > w
> > ps
> > ls
> >
> > I have since thrown up a few ipchains rules as a temporary stopgap, but
> > would like to further investigate the perpetrator's kit before I format
> > and restore. Without having good copies of these files, finding where
> > on my file system he dropped off his kit is like looking for a needle
> > in a haystack.
> >
> > I'm looking to get known good copies of these binaries, could anyone
> > lend a hand and get me good copies? (I'm on a RaQ4, BTW)
> >
> > Many thanks in advance,
> >
> > -Mike
> >
> > _______________________________________________
> > cobalt-security mailing list
> > cobalt-security@xxxxxxxxxxxxxxx
> > http://list.cobalt.com/mailman/listinfo/cobalt-security
> >
>
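
The package lookup and reinstall steps discussed in this thread, as an added example that is not part of the original messages: a shell script that resolves each suspect binary to its owning package with `rpm -qf` and reads the flags from `rpm -Vf` (verification is not mentioned in the thread) to decide which packages need reinstalling. The function names are hypothetical, and it assumes a known-good `rpm` is first in `PATH`.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: a known-good rpm binary is
# first in PATH, since rpm and its database on a rootkitted host may be altered.

# Print name-version-release of the package owning file $1; fail if unowned.
owning_pkg() {
    rpm -qf --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n' "$1" 2>/dev/null
}

# Print MODIFIED (digest mismatch, flag "5"), MISSING, ATTR-ONLY or OK for
# file $1, read from the flags column of `rpm -Vf` output.
verify_state() {
    vs_out=$(rpm -Vf "$1" 2>/dev/null) || true   # rpm -V exits non-zero on mismatch
    vs_state=OK
    while read -r vs_flags vs_rest; do
        case "$vs_rest" in "$1"|*" $1") ;; *) continue ;; esac
        case "$vs_flags" in
            missing) vs_state=MISSING ;;
            *5*)     vs_state=MODIFIED ;;
            *)       vs_state=ATTR-ONLY ;;
        esac
    done <<EOF
$vs_out
EOF
    echo "$vs_state"
}

# For each suspect path print "STATE FILE PACKAGE". Files that no package owns
# are reported as UNOWNED and cannot be restored from an RPM.
triage() {
    for t_file in "$@"; do
        if t_pkg=$(owning_pkg "$t_file"); then
            echo "$(verify_state "$t_file") $t_file $t_pkg"
        else
            echo "UNOWNED $t_file -"
        fi
    done
}

# Unique packages to fetch from a trusted source and reinstall (the thread's
# `rpm -U --force` step) because a file's content changed or the file is gone.
packages_to_reinstall() {
    triage "$@" | while read -r p_state p_file p_pkg; do
        case "$p_state" in MODIFIED|MISSING) echo "$p_pkg" ;; esac
    done | sort -u
}

# Usage: sh triage.sh /usr/bin/w /bin/ps /bin/ls
if [ "$#" -gt 0 ]; then triage "$@"; fi
```

A clean result here only means the files match the local RPM database, which an intruder with root could also have changed.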