Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Rooted, new DDoS also

From: Michal Zalewski <lcamtuf () DIONE IDS PL>
Date: Fri, 1 Dec 2000 00:01:36 +0100
On Thu, 30 Nov 2000, Philip Champon wrote:


On Nov 26, 2000 06:02 EST, a box of ours was rooted via in.ftpd. The
most interesting thing about this is the daemon he left behind. I
searched all of the archives on securityfocus and packetstorm and
nothing on this has turned up... the daemon is spsiod. Here are the
signs:


You might want to read this thread:

http://lufog.dhs.org/lufog_archive/0010/0021.html

Don't know if it will be helpful, but seems to me you're not the only one
:)

--
_______________________________________________________
Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=--=> Did you know that clones never use mirrors? <=--=
Previous By Date Next
Previous By Thread Next

Current thread: