Security Incidents mailing list archives
Re: I Was rooted
From: Michal Nazarewicz <cefek () CAREER PL>
Date: Sat, 22 Jul 2000 13:43:19 +0200
Monday, Andrew Heath wrote:

AH>as well as the sshd and sshd2, which seems a bit strange. Things that it
AH>does that don't make sense to me include trojaning named, stopping and
AH>deleting portmap, smbd, and nmbd, and removing the imap entry from
AH>inetd.conf. It also adds a binary "myserver" into lib which seems to be a

That's kind of a kiddie security tightening. This script blindly deletes services that may contain security holes. Crackers don't like it when somebody else goes after their owned machine, so the best way to accomplish this is -- to remove potentially exploitable holes.

Could you please upload this rootkit to any website?

--
Michal 'CeFeK' Nazarewicz / CAOL, DK GROUP SYSADMIN ^ NETADMIN  B
ICQ 47171266 / +48 (601) CEFEK 0 / http://www.dkgroup.pl/index.html  O
mailto:cefek at saydk dot co dot uk / MN4735-RIPE / Penguin #164007  F
The best way to accelerate a Macintoy is 9.8 meters per second, squared.  H