[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] have I been 0wn3d?
- Subject: RE: [cobalt-security] have I been 0wn3d?
- From: "Jamie - i-Dot" <jamie@xxxxxxxxx>
- Date: Mon, 16 Sep 2002 21:21:31 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
It means the grep command caught the ps aux command before it exited :)
Basically you can see yourself searching for it :)
No Worries :)
-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx] On Behalf Of Gary M. Root
Sent: 16 September 2002 21:16
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-security] have I been 0wn3d?
|> So basically, there's plenty of info on this list for me to protect
|> myself, but I'm afraid that I've already been owned. Can
|someone give me
|> a bit of insight as to how to find out for sure?
|
|According to those who've seen it (and assuming that there are no
|variants out yet):
|
|-) "ps -ax | grep bugtraq" will show a process ".bugtraq" if
|it's running.
I don't see anything when I type the command correctly, but I also
accidentally typed:
"ps -ax | grep bugtrag" (with a "g")
And I get:
"24002 pts/0 S 0:00 grep bugtrag"
What does that mean??
|-) There'll be a file called /tmp/.bugtraq.c in the machine
|containing the
|worm's source.
|
|HTH,
|
|John
|
|
|_______________________________________________
|cobalt-security mailing list
|cobalt-security@xxxxxxxxxxxxxxx
|http://list.cobalt.com/mailman/listinfo/cobalt-security
|
|
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security