Security Incidents mailing list archives
solaris lpd, KARMAPOLICE?
From: "Ricky Vludmore" <ricky2k () anonymous to>
Date: Wed, 29 Aug 2001 01:47:26 -0700
I have a SunOS 5.8 system with a printer attached to it (used to service print requests on my company's network). It's a fairly busy printer. It's accessible via the Internet, with reason. Yesterday I went to investigate why a large batch of jobs had frozen. I discovered that they had been erased. Strange considering that nobody else has access to this machine and I haven't seen it happen before. I snooped around and noticed some very strange activity, namely what appeared to be signs of an intrusion- idle shell processes and other abnormalities. Not thinking, I pulled the plug :-( The only indication of an intrusion now is a log file that shows someone requesting a print request to or from a "KARMAPOLICE" printer/server which I don't recognize at all. Ring any bells? ------------------------------------------------------------ This email was sent through the free email service at http://www.anonymous.to/ To report abuse, please visit our website and click "Contact Us." ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- solaris lpd, KARMAPOLICE? Ricky Vludmore (Aug 29)
- Re: solaris lpd, KARMAPOLICE? Ken K (Aug 30)
- <Possible follow-ups>
- Re: solaris lpd, KARMAPOLICE? Ricky Vludmore (Aug 30)