[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] About Hacked Raq 4

Subject: [cobalt-security] About Hacked Raq 4
From: raqlist@xxxxxxxxxxx
Date: Tue, 4 Nov 2003 17:31:10 -0500 (EST)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Checked the /tmp /var/tmp and /dev/ directories for hacker files.  That
will provide some clues.  Try to run chkrootkit and bring in clean copies
of ps,netstat,find,ls,md5sum and other tools you may need to investigate
the incident.

Most hackers are sloppy, a quick:

find /dev -perm 755
will reveal any executables installed via a rootkit.  showtee is a popular
kit used againsts raqs as there are auto-exploit tools that use it.

Jeff
www.rackaid.com

Prev by Date: RE: [cobalt-security] Cobalt Raq 4 Hacked
Next by Date: [cobalt-security] Re: Cobalt Raq 4 Hacked
Previous by thread: Re: [cobalt-security] Slightly OT - spammers using my domain
Next by thread: [cobalt-security] Re: Cobalt Raq 4 Hacked

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index