Security Incidents mailing list archives
Re: LJK2 rootkit?
From: hektor () RZ RWTH-AACHEN DE (Jens Hektor)
Date: Wed, 17 May 2000 07:07:41 -0000
Hi,
Noteworthy: The bad English. The misplaced comma is a "common" European error, would fit in nicely with the notes further down.
[...]
1 212.204
This network is owned by a company located in Gevelsberg, Germany. The other networks are European, American and Japanese.
Any ideas on whether or not it would be possible to retrieve the point of origin of the attack? Also, was this a known package? I haven't been able to find anything about "LJK2".
Maybe the network above gives the hint. I think that the package was Linux Root Kit 4 or so which is in use very often. LJK2 might be less significant unless you find the machine of the attacker.
Oh, and while the machine itself has been restored, I have a full backup available, so if you have any further questions about files etc., I'll be glad to dig them out.
Sent it to DFN-CERT.
Bye, Jens