Re[2]: [cobalt-security] Raq 550 Remote Exploits?
- Subject: Re[2]: [cobalt-security] Raq 550 Remote Exploits?
- From: Dmitry Alexeyev <dmi_a@xxxxxxxxxx>
- Date: Tue, 27 Jan 2004 02:52:31 +0300
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hello!
Does this mean the cracker got in using sendmail?
KF> We had something similar happen a couple of weeks ago on our 550. Our
KF> sendmail binary got hacked and was ignoring the /etc/mail/access file, which
KF> made us an open-relay. We caught it but only after 60k messages went out.
KF> While trying to find the problem, our /home disappeared.
That is probably an LKM rootkit, like suckit or kis.
KF> Our sysadmin said
KF> that something was "overlaying another partition" and making it disappear,
KF> but it was really still there. The check root kit found nothing, so we're
KF> not sure what happened. The spammers were in Korea and we contacted their
KF> ISP. After that, someone tried to hit us with a DoS attack. What joy.
KF> Good luck.
KF> -keith
Regards,
Dmitry