Security Incidents mailing list archives

Ramen

From: Matthew Roley <matt () babelmedia com>
Date: Mon, 22 Jan 2001 12:11:15 -0000

Hi there,

I was wondering if you can help me (...please :)).  One of our RedHat 6.2
servers was hit this morning with Ramen.  I've cleaned it out using the
documented procedure but there's still a lingering problem which seems
related.  The hosts.allow and hosts.deny files on the server have been
completely locked and cannot be changed, removed, chmoded even with
superuser access.  This doesn't seem documented anywhere but I can't think
of any other cause (this problem did not occur before the infection).

Any help or advice you can give would be (very) greatly appreciated.

Thanks.
Matt

......................
Matthew Roley (Web Developer)
Babel Media Ltd.
Unit 11-12 Hove Business Centre
Fonthill Road
Hove
East Sussex BN3 6HA
Tel: +44 (0)1273 764 120
Fax: +44 (0)1273 732 278
matt () babelmedia com

Current thread:

Ramen Matthew Roley (Jan 22)
- Re: Ramen Brian Taylor (Jan 22)
  - Re: Ramen Dave Dittrich (Jan 23)
    - Re: Ramen Neil Long (Jan 23)
    - Re: Ramen Russell Fulton (Jan 23)
    - Re: Ramen Lance Spitzner (Jan 23)
    - Re: Ramen Ryan W. Maple (Jan 24)