Security Incidents mailing list archives
find_ddos results
From: Karl Malivuk <kmalivuk () UNM EDU>
Date: Wed, 15 Nov 2000 08:45:27 -0700
Security Focus;

I am new to UNIX/Linux and just brought my first Linux box online. I am using it as a test machine before bringing up as a production host. I just received and installed find_ddos this morning and got the log listed below. I sent a copy to our campus security director who suggested I contact you. Where do I go from here?

Thanks
Karl

---------- Forwarded Message ----------
Date: Monday, November 13, 2000, 12:31 PM -0700
From: "David Grisham CIRT Security Admin." <dave () unm edu>
To: root <kmalivuk () unm edu>
Subject: Re: find_ddos

I really don't know. The people at incidents@security focus.com can help. Subscribe and ask them or write to dsig () unm edu.

Cheers.-grish

On Mon, 13 Nov 2000, root wrote:

David;

I just now installed find_ddos, ran it, and was presented with the following log:

Log started for cfatest at Mon Nov 13 11:47:49 2000
Scanning running processes:
/proc/23043/exe: identified as: stacheldraht daemon with no symbol table with the following differences:
    missing string: Error sending syn packet.
    missing string: nohup ./%s
    missing string: rcp %s@%s:sol.bin %s
    missing string: rm -rf %s
    missing string: sicken
    missing string: ttymon
    IP address found: 3.3.3.3 (spoofed address)
Grabbing: /proc/23043/exe to: /usr/local/find_ddos/files/23043
Scanning "/tmp":
Scanning "/":
Log finished Mon Nov 13 11:50:32 2000

Sadly, I'm still too ignorant to know what to do about it. Should I simply delete this or should I be doing an additional corrective measure?

Thanks
Karl

Karl Malivuk
Sr LAN Administrator, College of Fine Arts
University of New Mexico