Security Incidents mailing list archives
Re: fun with posiden rootkit
From: Skip Carter <skip () taygeta com>
Date: Mon, 25 Mar 2002 14:48:10 -0800
- sometimes checking failed script-kiddies can be entertaining if time permits to look around for any funny stuff
I had one incident that I investigated for a client recently. It was the usual: gain entry, install rootkit, install password scanner, etc. Except he did it in the wrong order, so that his password scanner caught his own connection back to his rootkit archive; so when I started my investigation I was able to log in to his archive and pick up his entire stash of tools. -- Dr. Everett (Skip) Carter Phone: 831-641-0645 FAX: 831-641-0647 Taygeta Scientific Inc. INTERNET: skip () taygeta com 1340 Munras Ave., Suite 314 WWW: http://www.taygeta.com Monterey, CA. 93940 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- fun with posiden rootkit Olaf Schreck (Mar 25)
- Re: fun with posiden rootkit Alvin Oga (Mar 25)
- Re: fun with posiden rootkit Skip Carter (Mar 25)
- Re: fun with posiden rootkit Dave Dittrich (Mar 26)
- Re: fun with posiden rootkit Skip Carter (Mar 25)
- Re: fun with posiden rootkit Alvin Oga (Mar 25)