Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Lion Worm/crew.tgz

From: Dave Dittrich <dittrich () CAC WASHINGTON EDU>
Date: Mon, 26 Mar 2001 18:24:44 -0800
  I've now got copies of both.



This is very confusing.
Since you have two different versions, could you make them both available
for download somewhere?



Here is the content of the http://coollion.51.net/crew.tgz version I
dowloaded Mar 22 09:09.



$ tar tzvf crew.tgz
drwxr-xr-x root/root         0 2001-02-26 00:31:51 lib/
drwxr-xr-x root/root         0 2001-02-26 01:46:52 lib/scan/
-rwxr-xr-x root/root       122 2001-02-26 01:46:39 lib/scan/1i0n.sh
-rwxr-xr-x root/root        85 2001-02-21 04:22:10 lib/scan/hack.sh
. . .


When comparing tarballs of files, it is helpful to include both md5
checksums of each file, and date stamps (sorted by date, if possible)
to make it easier to differentiate the contents of each kit found.
Also including an md5 checksum and date you got a copy will help
build timelines.

--
Dave Dittrich                           Computing & Communications
dittrich () cac washington edu             Client Services
http://staff.washington.edu/dittrich    University of Washington

PGP key      http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5
Previous By Date Next
Previous By Thread Next

Current thread: