Security Incidents mailing list archives
Re: rooted by r0x - from address 212.177.241.127
From: slam () THEGRID NET (slam () THEGRID NET)
Date: Thu, 30 Mar 2000 15:40:13 -0800
I've been hit by this too...the exploit is public so I guess we should expect this. I am also pretty sure it was the named 8.2 8.2.1 NXT exploit..have tried it and it works /too/ well. If you EVER happen to have to restart your named service you should be sure to check out your system... I like the last one that did the ftp update of the services that was great...talk about irony. ::
From my named/bind default directory:drwxr-xr-x 2 root root 1024 Mar >28 12:05 ADMROCKS I had the exact same thing happen to one of my >machines on March 25. How many people have been hit by this? The only >services running on the hacked machine were ssh and named however.. so I'm not >100% convinced it's bind. The machine was running RedHat 6.1 with only a >few updates installed at the time. -Ethan
Adam Skulker
Current thread:
- Re: rooted by r0x - from address 212.177.241.127 slam () THEGRID NET (Mar 30)
- <Possible follow-ups>
- Re: rooted by r0x - from address 212.177.241.127 Steve (Mar 30)