Security Incidents mailing list archives

Re: Was I exploited?

From: labrat () INTERROREM COM (Russ Spooner)
Date: Thu, 29 Jun 2000 20:25:02 +0100


Looks more like a temporary file left over from Midnight commander....

There is a race condition in early (cant remember which) versions of mc.

Labrat

"Narins, Joshua" wrote:


Sorry, I don't have the filename anymore, but I found
a file in /tmp that was only this...

#!/bin/sh

The filename was like marek89f20c, but that's just a approximation.

Does that sound like a likely calling card of an attack?

Thanks all.

-Josh "Don't hate me because I'm AOL" Narins


--
===============================================
Interrorem LTD -> Network Security Specialists
http://interrorem.com
Security News and Info
===============================================

Current thread:

Permissions, (continued)
- - - Permissions Derick Schuetz (Jun 27)
    - Re: Permissions Valdis Kletnieks (Jun 27)
    - Re: Permissions Jon Lewis (Jun 27)
    - Probes for MySQL under Linux? Ralf G. R. Bergs (Jun 27)
    - Re: Probes for MySQL under Linux? Tabor J. Wells (Jun 27)
    - Port scan (106 and 389) Chris Laycock (Jun 28)
    - Compromise and Bind Replacement Scott Brown (Jun 28)
    - Re: Port scan (106 and 389) Fabio Pietrosanti (Jun 28)
    - Re: Probes for MySQL under Linux? Al Huger - Mail Account (Jun 28)
    - Was I exploited? Narins, Joshua (Jun 29)
    - Re: Was I exploited? Russ Spooner (Jun 29)
    - Re: Nike Site taken over Ballard, James (Jun 27)
    - port 1433? Sir Scriptzalot (Jun 25)
    - Re: port 1433? Jason Witty (Jun 27)
    - Port 1433 Edwin Concepcion (Jun 26)
  - Re: Nike Site taken over x-empt (Jun 23)
- Port 7070? PARKIN, MICHAEL (PBI) (Jun 22)
  - Re: Port 7070? Ryan Russell (Jun 22)
  - Re: Port 7070? Robert Graham (Jun 23)