Security Incidents mailing list archives
solaris rootkit investigation
From: SecLists <lists () secure stargate net>
Date: Wed, 6 Jun 2001 12:54:24 -0400 (EDT)
Hello all... First time posting to the list here...

One of our customers who we do security services for when they are needed recently had a Solaris 7 box compromised. There appears to be a rootkit installed that opens an ssh daemon on port 27354 with a sshd_host_key.pub of: ...root@NoraD

Has anyone seen this before, or has any info on it, i.e., what binaries have been trojaned, what files have been replaced, etc.?

Thanks,
Shawn Duffy