Security Incidents mailing list archives
Re: [UPDATE]Dos Trojan on Solaris
From: rpadilla () GSU EDU (Roderick Padilla)
Date: Wed, 9 Feb 2000 11:24:24 -0500
We found milk running as a user level in one attack. We found out later another instance but running as root!!

There is a very interesting paper from Dave Dittrich, University of Washington:
http://staff.washington.edu/dittrich/misc/faqs/rootkits.faq

There are lots of rumors out there .. I am listening ...

At 11:10 AM 2/9/00 -0500, Ross Mueller wrote:
are you sure it's milk that is the d-dos? i would bet it's a distributed syn flood.... my guess is stream.c..... from the rumors i hear going around...

..ross
0x75,0x75,0x6e,0x65,0x74

On Wed, 9 Feb 2000, Roderick Padilla wrote:

Thanks to all for all your responses and information.

Today, it is in the news (again). It was Yahoo and then eBay and CNN.com and others. Same thing. Looks like there is no stop to this. We are very small if we compare the size of those sites, but small sites are the ones causing the problems.

I would like to keep the subject going but not sure if there are answers. SUN is quiet so far on this (as usual).

Please let me know if you find the source code of this "milk" or whatever name appears to be in your system.

Thanks!

Roderick Padilla
Office: (404) 651-3832
Systems & Network Administrator
Fax: (404) 651-3842
http://www.cis.gsu.edu/~rpadilla
Email: rpadilla () gsu edu
Department of Computer Information Systems
J. Mack Robinson College of Business
Georgia State University
PO Box 4015
Atlanta, Georgia, USA 30302-4015

Roderick Padilla rpadilla () gsu edu