Security Incidents mailing list archives
possible new tool: std.pl, the rpc.statd linux mass rooter (fwd)
From: marc <marc () ZOUNDS NET>
Date: Thu, 14 Dec 2000 11:50:09 -0600
Recently a server of ours was compromised. On it we found a script and some programs that were scanning other machines for statd, and then automatically rooting the ones it found. I've done some searches, but found no reference to this. If it is new, I will post more details. Does anyone recognize this? #!/usr/bin/perl # # std.pl v0.2+p3 by KraZee - 10.30.00 private # rpc.statd linux mass rooter [epic] # # binds rootshell on port 24765 on exploited hosts # standard disclaimers apply # # DO NOT DISTRIBUTE !! DO NOT DISTRIBUTE I've sent similar msgs to sans and cert, but was unsure where else to share this. marc marc () zounds net
Current thread:
- possible new tool: std.pl, the rpc.statd linux mass rooter (fwd) marc (Dec 15)
- Re: possible new tool: std.pl, the rpc.statd linux mass rooter (fwd) Niels Heinen (Dec 15)
- Re: possible new tool: std.pl, the rpc.statd linux mass rooter (fwd) claymore (Dec 15)
- weird DNS logs K 0 (Dec 15)
- Re: possible new tool: std.pl, the rpc.statd linux mass rooter (fwd) Niels Heinen (Dec 15)