Security Incidents mailing list archives
Re: yes, its t0rn again
From: Roberto <cinini () TERRA ES>
Date: Mon, 8 Jan 2001 14:05:37 -0000
hola, Just wondering if anyone has some sort of fix or report of this kit ? I think my machines maybe infected with this kit to.. i was only able to find one directory, /lib/ldlib.tk which had the t0rn ssh with ssh listening on 47011, login was not backdoored and I was unable to locate config files (shdcf) with help of strings /bin/ps | grep / - which usually worked on lrk* kit's (old t0rn too), lsof also not help much. I didnt have md5 checksum's recorded so i was not able to compare with old ones.. Ciao, Roberto
Current thread:
- Re: yes, its t0rn again, (continued)
- Re: yes, its t0rn again Jeff Bachtel (Jan 04)
- Attack Signature Reprodution Alexandre Soares (Jan 06)
- Re: yes, its t0rn again Jeremy 'Circ' Charles (Jan 06)
- bootable readonly media in your pocket Re: yes, its t0rn again marc (Jan 05)
- Re: bootable readonly media in your pocket Re: yes, its t0rn again Michael H. Warfield (Jan 05)
- Re: bootable readonly media in your pocket Re: yes, its t0rn again Jeff (Jan 05)
- Re: bootable readonly media in your pocket Re: yes, its t0rn again marc (Jan 09)
- Re: bootable readonly media in your pocket Kevin Martin (Jan 09)
- Re: yes, its t0rn again Jeff Bachtel (Jan 04)
- Re: bootable readonly media in your pocket Re: yes, its t0rn again Ed Padin (Jan 05)
- Re: bootable readonly media in your pocket Re: yes, its t0rn again Ryan Russell (Jan 05)
- Re: yes, its t0rn again - chkrootkit Talisker (Jan 08)