[cobalt-security] Slapper Infection?



Ok I could use some help...

I ran my chkrootkit 39a and it came out with

Checking `slapper'... Warning [I can't remember.]

[Sorry, it scrolled off my screen]

So I ran chkrootkit 38 (because it was there). And it also showed the same
warning.
Plus an LKM warning [also off the screen]

Next I run scan.slapper-worm from
### Apache/mod_ssl Worm log scanner
### Glen Scott <glen@xxxxxxxxxxxxxxxxxxxx>
That I had on there from the days when slapper was a problem.
Nothing detected.

Next I run "ps auwx | grep httpd" from "Tom Sands" <tsands@xxxxxxxxxxxxx> Posted
by fragga (9/24/2002)
Nothing unusual.

Next I ran "chkrootkit -x" and that was too much info for me to make use of.

I ran chkrootkit again, and now both the slapper and lkm don't show up. Even if
I do:
chkrootkit slapper
chkrootkit lkm

I have OpenSSH Release 3.4p1-PM4
And latest patches from Sun and pkgmaster

Please someone have any suggestions??
I do know one thing now.. >> to file.. when running these scans

Thanks in advance.

david