Security Basics mailing list archives
Re: ptrace24 - How It apeared in my box?
From: "Jeremy Gaddis" <jeremy () gaddis org>
Date: Wed, 18 Jun 2003 15:27:19 -0500
Jairo Tcatchenco writes:
Using chkrootkit tool, I found a root kit inside my box. A door was opened and I haven't found yet how they putted it there (there is a folder in tmp, called ..\ \ \ with a lot of malicious files). I left just the basic doors opened (ntp, domain, ssh, http, https). Could someone explain how they putted it there?
They gain shell access to your box, then used FTP or wget or similar to transfer ptrace24 to your box, which they then ranand gained root. Congratulations, you've just been hacked! j.
--Jeremy L. Gaddis <jeremy () gaddis org> <http://www.gaddis.org>
--------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare.Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
Current thread:
- ptrace24 - How It apeared in my box? Jairo Tcatchenco (Jun 18)
- Re: ptrace24 - How It apeared in my box? Jeremy Gaddis (Jun 18)
- Re: ptrace24 - How It apeared in my box? Muhammad Naseer Bhatti (Jun 19)
- Re: ptrace24 - How It apeared in my box? Fanis Drosos (Jun 19)
- <Possible follow-ups>
- RE: ptrace24 - How It apeared in my box? Wiest, Damian (Jun 18)