Security Incidents mailing list archives
massive bind8 exploitation - t0rnkit8
From: Roberto <cinini () TERRA ES>
Date: Mon, 12 Feb 2001 14:01:57 -0000
Hola again ! It has become to my attention that there is massive bind8.2(p3/p5/p7) exploitation taking place, and tornkit8 being used. There are already worms for this on many underground irc channels floating around for users to use.. Here are some things to look out for tornkit8 and also if ur bind has been upgraded to 8.2.3-REL chances are its the automated worm thats been there... also u might want to look for dir /lib/ldd.so.. which exists on some machines tornkit8 is installed.. there is hidden files tks (sniffer) tkp(parser) and tkps(ssh snifferlog), also one ssh port being used a lot is 47017 (default tornkit) as well as 47889 keep ur eyes open for these.. More info as i get it ! Sincerly, Roberto
Current thread:
- massive bind8 exploitation - t0rnkit8 Roberto (Feb 12)
- Re: massive bind8 exploitation - t0rnkit8 Ryan Russell (Feb 13)
- <Possible follow-ups>
- Re: massive bind8 exploitation - t0rnkit8 Matteo,Marc A. (Feb 12)