Security Incidents mailing list archives
Re: Korea (was RE: ?)
From: jlewis () LEWIS ORG (Jon Lewis)
Date: Tue, 1 Feb 2000 00:40:52 -0500
On Thu, 27 Jan 2000, R a v e N wrote:
> A telnet backdoor on such a (relatively) low port that automatically drops you to a rootshell? This just proves how insecure educational institutes in eastern Asia are. They get cracked by such a bunch of amateur crackers.

No country has a monopoly on this. I've seen exactly the same thing on dozens of boxes spread all over the world (US, AU, CN, CL, JP, DE, KR, SG and the list goes on). Why such primitive backdoors are used is somewhat of a mystery. In some cases, it's as simple as running /bin/sh from a line inserted in inetd.conf. In others, it's actually a replaced inetd or new daemon installed that spawns a shell with no authentication when connected to on a certain port.

----------------------------------------------------------------------
 Jon Lewis *jlewis () lewis org*|  Spammers will be winnuked or
 System Administrator           |  nestea'd...whatever it takes
 Atlantic Net                   |  to get the job done.
_________http://www.lewis.org/~jlewis/pgp for PGP public key__________
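
The first case described in the message above, a line in inetd.conf that runs /bin/sh, can be checked for mechanically. The following is an added example, not part of the original post: a Python audit that parses inetd.conf entries and flags any that hand the connection to a shell, including entries wrapped by tcpd. The sample configuration, the service names svc-example and svc-wrapped, and the shell list are constructed for illustration.

```python
import os

# Shell basenames that should never serve an inetd socket (assumed list).
SHELLS = {"sh", "bash", "csh", "tcsh", "ksh", "zsh", "ash", "dash"}

# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
# service socket proto wait user program args
ftp     stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
telnet  stream tcp nowait root /usr/sbin/tcpd in.telnetd
echo    stream tcp nowait root internal
svc-example stream tcp nowait root /bin/sh sh -i
svc-wrapped stream tcp nowait root /usr/sbin/tcpd /bin/sh
"""


def audit_inetd(text):
    """Return (line_no, service, reason) for each suspicious inetd.conf entry."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 6:
            findings.append((no, fields[0], "malformed entry"))
            continue
        service, user, program, args = fields[0], fields[4], fields[5], fields[6:]
        if program == "internal":  # built-in services run no external program
            continue
        # Check the program and every argument: a tcpd-wrapped entry names
        # the real server in its argument list, not in the program field.
        for cand in [program] + args:
            if os.path.basename(cand).lstrip("-") in SHELLS:
                findings.append((no, service, f"spawns shell {cand} as {user}"))
                break
    return findings


if __name__ == "__main__":
    for no, service, reason in audit_inetd(SAMPLE):
        print(f"line {no}: {service}: {reason}")
```

This covers only the inetd.conf case; the other case in the message, a replaced inetd or a separately installed daemon, does not show up in the configuration file and has to be found by comparing listening ports and binaries against a known-good baseline.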