Security Incidents mailing list archives

Re: AMDROCKS

From: aflores () PCR RECIFE PE GOV BR (Alejandro)
Date: Fri, 26 May 2000 09:06:09 -0300


        Hi,

        Recently I discovered a folder called ADMROCKS located on my
server inside /var/named, and I can't figure it out, how it was made, if I
was hacked, or if my machine is compromissed... Other strange thing was
that I discovered a line on /etc/inetd.conf invoking an interactive shell
owned by root. Im using linux redhat 6.1.

Thanks a lot,
Alejandro

Hi,

I have a Cobalt RaQ3 that some jerk messed up with
AMDROCKS. Can anyone tell me about it?

Has Cobalt done anything about this security weakness?

Thanks,

Jim

Current thread:

Re: Attacks on port 25, (continued)
- - - Re: Attacks on port 25 RayW (May 29)
    - invalid icmp in linux? Eric LeBlanc (May 27)
    - Re: invalid icmp in linux? Jose Nazario (May 28)
    - weird scan pattern Joe H (May 28)
    - Re: weird scan pattern Russell Fulton (May 29)
    - IDS: Scan of the week Lance Spitzner (May 30)
    - 5 scans of 12345 in a couple of hours. AUSCERT#36349 Russell Fulton (May 31)
    - Taiwan server compromise Claudiu Costin (May 26)
    - Re: Taiwan server compromise Vortex (May 26)
    - port 44767 activity Nathan Fain (May 28)
    - Re: AMDROCKS Alejandro (May 26)
    - Re: AMDROCKS J. S. Townsley (May 26)
    - Re: AMDROCKS Lance Spitzner (May 26)
    - Re: AMDROCKS Matthew F. Caldwell (May 26)
    - CERT's Handbook for Computer Security Incident Response Teams (CSIRTs) Elias Levy (May 26)