Security Basics mailing list archives

RE: ptrace24 - How It appeared in my box?


From: "Wiest, Damian" <dmwiest () rc2corp com>
Date: Wed, 18 Jun 2003 16:11:51 -0500

Jairo,

Nearly all of the services you mentioned have had vulnerabilities published
recently (depending on which implementations you're using).

Without more information about your system I can only recommend that you
reinstall, upgrade to the most recent releases of the services you mentioned
and reconsider which services you want to make accessible over the Internet.

-Damian

-----Original Message-----
From: Jairo Tcatchenco [mailto:jairo () adaesp sp gov br] 
Sent: Wednesday, June 18, 2003 12:08 PM
To: security-basics () securityfocus com
Subject: ptrace24 - How It appeared in my box?


Hello all!

Using the chkrootkit tool, I found a rootkit inside my box. A door was
opened and I haven't yet found how they put it there (there is a
folder in tmp, called ..\ \ \ with a lot of malicious files). I left
just the basic doors open (ntp, domain, ssh, http, https). Could
someone explain how they put it there?

Thanks.

Jairo Tcatchenco
