
Re: [cobalt-security] root kitted :(



You read it correctly... I was looking to find "safe" files to copy over
the bogus ones until I get a chance to back the data off and restore.
The RPMs provided me with fresh copies of the files I was looking for.

I'm pretty sure I've firewalled the perpetrator out, so it's now just a
matter of postmortem procedures before the restoration. I'm still not sure
what service was exploited. I *thought* my box was fairly tight, minus a
good IDS and firewall solution. Which is my own fault anyway.

<shrug>

Thanks for the help gentlemen. :)

-Mike


On Sun, 2 Dec 2001, Roy A. Urick wrote:

> I think what he was requesting was file sizes, dates and checksums of known
> good files to compare to his? Or even known "safe" files to just copy over
> the top of his.
>
> That's how I read it.
>
> ----- Original Message -----
> From: "Taco Scargo" <taco.scargo@xxxxxxx>
> To: <cobalt-security@xxxxxxxxxxxxxxx>
> Sent: Sunday, December 02, 2001 5:21 PM
> Subject: Re: [cobalt-security] root kitted :(
>
>
> > What you asked for is unchanged programs. By installing the RPMS (again) you
> > restore the original versions. That's what you wanted, didn't you?
> >
> > Anyway, if I were you, I'd store my data somewhere safe and restore the box.
> >
> > Taco