Security Incidents mailing list archives
Re: The x.c worm
From: Dave Dittrich <dittrich () cac washington edu>
Date: Tue, 4 Sep 2001 13:03:16 -0700 (PDT)
(Use Bill's "xcfind" tool for local host detection, but realize that it may, in future, give false positive results if a rootkit or
^^^^^^^^
loadable kernel module is used in conjunction with an exploit like this.)
Oops, sorry. I meant it might give false *negatives* in future. (A problem with looking for specific file names, paths, and ports, which are all pretty easy to change or hide.) -- Dave Dittrich Computing & Communications dittrich () cac washington edu University Computing Services http://staff.washington.edu/dittrich University of Washington PGP key http://staff.washington.edu/dittrich/pgpkey.txt Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- The x.c worm niels . heinen (Sep 04)
- Re: The x.c worm Dave Dittrich (Sep 04)
- Re: The x.c worm Dave Dittrich (Sep 04)
- Re: The x.c worm Martin Roesch (Sep 05)
- Re: The x.c worm Dave Dittrich (Sep 04)