[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Slapper Infection?
- Subject: [cobalt-security] Slapper Infection?
- From: "David Seaton" <david@xxxxxxxxxxx>
- Date: Wed, 2 Apr 2003 11:17:09 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Ok I could use some help...
I ran my chkrootkit 39a and it came out with
Checking `slapper'... Warning [I can't remember.]
[Sorry, it scrolled off my screen]
So I ran chkrootkit 38 (because it was there). And it also showed the same
warning.
Plus a LKM warning [also off the screen]
Next I run scan.slapper-worm from
### Apache/mod_ssl Worm log scanner
### Glen Scott <glen@xxxxxxxxxxxxxxxxxxxx>
That I had on there from the days when slapper was a problem.
Nothing detected.
Next I run "ps auwx | grep httpd" from "Tom Sands" <tsands@xxxxxxxxxxxxx> Posted
by fragga (9/24/2002)
Nothing unusual.
Next I ran "chkrootkit -x" and that was to much info for me to make use.
I ran chkrootkit again, and now both the slapper and lkm don't show up. Even if
I do:
chkrootkit slapper
chkrootkit lkm
I have OpenSSH Release 3.4p1-PM4
And latest patches from Sun and pkgmaster
Please someone have any suggestions??
I do know one thing now.. >> to file.. when running these scans
Thanks in advance.
david