Security Incidents mailing list archives

Re: Korea (was RE: ?)


From: jlewis () LEWIS ORG (Jon Lewis)
Date: Tue, 1 Feb 2000 00:40:52 -0500


On Thu, 27 Jan 2000, R a v e N wrote:

> A telnet backdoor on such a (relatively) low port that automatically
> drops you to a rootshell?
>
> This just proves how insecure educational institutes in eastern Asia
> are. They get cracked by such a bunch of amateur crackers.

No country has a monopoly on this.  I've seen exactly the same thing on
dozens of boxes spread all over the world (US, AU, CN, CL, JP, DE, KR, SG
and the list goes on).  Why such primitive backdoors are used is somewhat
of a mystery.  In some cases, it's as simple as running /bin/sh from a
line inserted in inetd.conf.  In others, it's actually a replaced inetd or
new daemon installed that spawns a shell with no authentication when
connected to on a certain port.

----------------------------------------------------------------------
 Jon Lewis *jlewis () lewis org*|  Spammers will be winnuked or
 System Administrator        |  nestea'd...whatever it takes
 Atlantic Net                |  to get the job done.
_________http://www.lewis.org/~jlewis/pgp for PGP public key__________
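
Added example, not part of the original message: a small audit for the first backdoor type described above, an inetd.conf entry whose server program is a shell. The sample file, its port numbers and the function name shell_entries are constructed for illustration, and the field layout assumed is the traditional one (service, socket type, protocol, wait flag, user, server program, arguments).

```python
import os

# Shell basenames to look for; extend to match the shells installed locally.
SHELLS = {"sh", "bash", "ash", "dash", "csh", "tcsh", "ksh", "zsh"}

# Constructed sample inetd.conf, not taken from any real host.
SAMPLE = """\
# Constructed sample inetd.conf, not taken from any real host
ftp     stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
telnet  stream tcp nowait root /usr/sbin/tcpd in.telnetd
shell   stream tcp nowait root /usr/sbin/tcpd in.rshd
echo    stream tcp nowait root internal
2222    stream tcp nowait root /bin/sh sh -i
3333    stream tcp nowait root /usr/sbin/tcpd /bin/bash
"""


def shell_entries(conf_text):
    """Return (line_no, service, user, program) for entries that start a shell."""
    hits = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        if len(fields) < 6:
            continue  # too short to be a service entry
        service, user, server = fields[0], fields[4], fields[5]
        # Check the server program itself, and the first argument as well,
        # because a wrapper such as tcpd executes the program named there.
        for prog in [server] + fields[6:7]:
            if os.path.basename(prog).lstrip("-") in SHELLS:
                hits.append((line_no, service, user, prog))
                break
    return hits


if __name__ == "__main__":
    for line_no, service, user, prog in shell_entries(SAMPLE):
        print("line %d: service %s runs %s as %s" % (line_no, service, prog, user))
```

This only covers the inetd.conf case; a replaced inetd binary or a separately installed daemon, the other variants mentioned in the message, leave no trace in this file and need file-integrity and listening-port checks instead.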

