[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Re: Qubes - hacked

Subject: [cobalt-security] Re: Qubes - hacked
From: "Audric Leperdi" <aleperdi@xxxxxxxxxxxxx>
Date: Tue, 29 Apr 2003 14:27:48 +0200
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Qube3 Pro hacked.
"massrooter" found on temp.
Qube3 Pro reinstalled from OSRCD.
Admin password strenghted.
Qube3 Pro fully patched.

Qube3 Pro firewalled with only port 22,25,80,110,443 and 444 open fromoutside.

Stopped samba, appletalk and squid services.
Hacked again within 24 hours.
Samba and squid were found running.
Two "extra" user account found: "adrian" as root, and kid as normal user.

Kid .bash_history showed compiling of massr00ter, other exploits and attacksto other ip.

"Last" showed login from a cybercafe in Budapest.

Analysis of the httpd-logs for one-hit scans showed 3 screenings fromNewYork, Seattle and another place in the states.Could not find the main entrance...any one with more info??Could post parts of relevant logs...Audric

References:
- Re: [cobalt-security] Qubes - hacked
  - From: Jeroen Wunnink

Prev by Date: Re: [cobalt-security] Qubes - hacked
Next by Date: Re: [cobalt-security] Qubes - hacked
Previous by thread: Re: [cobalt-security] Qubes - hacked
Next by thread: [cobalt-security] bleh!

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index