Security Incidents mailing list archives
Re: Was I exploited?
From: labrat () INTERROREM COM (Russ Spooner)
Date: Thu, 29 Jun 2000 20:25:02 +0100
Looks more like a temporary file left over from Midnight commander.... There is a race condition in early (cant remember which) versions of mc. Labrat "Narins, Joshua" wrote:
Sorry, I don't have the filename anymore, but I found a file in /tmp that was only this... #!/bin/sh The filename was like marek89f20c, but that's just a approximation. Does that sound like a likely calling card of an attack? Thanks all. -Josh "Don't hate me because I'm AOL" Narins
-- =============================================== Interrorem LTD -> Network Security Specialists http://interrorem.com Security News and Info ===============================================
Current thread:
- Permissions, (continued)
- Permissions Derick Schuetz (Jun 27)
- Re: Permissions Valdis Kletnieks (Jun 27)
- Re: Permissions Jon Lewis (Jun 27)
- Probes for MySQL under Linux? Ralf G. R. Bergs (Jun 27)
- Re: Probes for MySQL under Linux? Tabor J. Wells (Jun 27)
- Port scan (106 and 389) Chris Laycock (Jun 28)
- Compromise and Bind Replacement Scott Brown (Jun 28)
- Re: Port scan (106 and 389) Fabio Pietrosanti (Jun 28)
- Re: Probes for MySQL under Linux? Al Huger - Mail Account (Jun 28)
- Was I exploited? Narins, Joshua (Jun 29)
- Re: Was I exploited? Russ Spooner (Jun 29)
- Re: Nike Site taken over Ballard, James (Jun 27)
- port 1433? Sir Scriptzalot (Jun 25)
- Re: port 1433? Jason Witty (Jun 27)
- Port 1433 Edwin Concepcion (Jun 26)
- Re: Port 7070? Ryan Russell (Jun 22)
- Re: Port 7070? Robert Graham (Jun 23)