Security Incidents mailing list archives
Re: Compromised...
From: technot () BERGEN CX (technot)
Date: Wed, 9 Feb 2000 11:09:00 +0100
About this BIND exploit: I would be grateful if someone could tell me how it works. I have tested it on my own system, and it worked fine, but I don't really understand the concept. When I tested on my system I needed 3 Linux boxes:

box1: running bind 8.2 (or 8.2.1)
box2: setup some stuff in the nameserver running
box3: running the exploit

As I understand, box2 sends a DNS query to box3, which is running the exploit. The exploit then sends a query to box1 and falls into some sort of loop, and all of a sudden there was the root shell. If someone would explain how/what exactly happens, I would be very grateful.

And I read something here about someone finding a user called "web" or something after being "cracked". Why does the cracker/hacker (call it what you want ;) add a user at all? Why not create a simple /in/login trojan or something in that manner ;p

- technot
linux administrator