Security Incidents mailing list archives

Re: exploit or human


From: Juri Haberland <juri () koschikode com>
Date: Thu, 31 Mar 2005 22:21:30 +0200

Hi,

Victor Calzado wrote:
Valentin Avram wrote:

Most of the symptoms you describe and the "sudden" falling of more
systems do point to a rootkit that was installed on the first
compromised machine (FC2). That machine might have been later used to
gain access to the other servers in your network.

Yes, it sounds like a script kiddie compromise with worm infection too.

There have been groups of Romanian IRC script kiddies rooting RedHat 7.3
servers all over the world for quite a long time.
Are any of these RedHat 7.3 servers running a wu-ftpd FTP server or a
web server with HTTPS support?

Do you have any information on what services/ which flaws are exploited
and whether RH 7.3 boxes are still vulnerable to those exploits if
updated with all updates from the Fedora Legacy Project?

Cheers,
Juri

