Security Basics mailing list archives
RE: ptrace24 - How It apeared in my box?
From: "Wiest, Damian" <dmwiest () rc2corp com>
Date: Wed, 18 Jun 2003 16:11:51 -0500
Jairo, Nearly all of the services you mentioned have had vulnerabilities published recently (depending on which implementations you're using). Without more information about your system I can only recommend that you reinstall, upgrade to the most recent releases of the services you mentioned and reconsider which services you want to make accessible over the Internet. -Damian
-----Original Message----- From: Jairo Tcatchenco [mailto:jairo () adaesp sp gov br] Sent: Wednesday, June 18, 2003 12:08 PM To: security-basics () securityfocus com Subject: ptrace24 - How It apeared in my box? Hello all! Using chkrootkit tool, I found a root kit inside my box. A door was opened and I haven't found yet how they putted it there (there is a folder in tmp, called ..\ \ \ with a lot of malicious files). I left just the basic doors opened (ntp, domain, ssh, http, https). Could someone explain how they putted it there? Thanks. Jairo Tcatchenco
--------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
Current thread:
- ptrace24 - How It apeared in my box? Jairo Tcatchenco (Jun 18)
- Re: ptrace24 - How It apeared in my box? Jeremy Gaddis (Jun 18)
- Re: ptrace24 - How It apeared in my box? Muhammad Naseer Bhatti (Jun 19)
- Re: ptrace24 - How It apeared in my box? Fanis Drosos (Jun 19)
- <Possible follow-ups>
- RE: ptrace24 - How It apeared in my box? Wiest, Damian (Jun 18)