Security Incidents mailing list archives

Re: rooted by r0x - from address 212.177.241.127


From: slam () THEGRID NET (slam () THEGRID NET)
Date: Thu, 30 Mar 2000 15:40:13 -0800


I've been hit by this too... the exploit is public, so I guess we should expect this. I am also pretty sure it was the
named 8.2 8.2.1 NXT exploit... have tried it and it works /too/ well. If you EVER happen to have to restart your named
service you should be sure to check out your system...

I like the last one that did the ftp update of the services, that was great... talk about irony.

::
> From my named/bind default directory:
> drwxr-xr-x   2 root     root         1024 Mar 28 12:05 ADMROCKS
>
> I had the exact same thing happen to one of my machines on March 25.  How
> many people have been hit by this?  The only services running on the hacked
> machine were ssh and named however..  so I'm not 100%  convinced it's bind.
> The machine was running RedHat 6.1 with only a few updates installed at the
> time.
>
> -Ethan

Adam
Skulker

