Security Incidents mailing list archives
Re: exploit or human
From: Juri Haberland <juri () koschikode com>
Date: Thu, 31 Mar 2005 22:21:30 +0200
Hi, Victor Calzado wrote:
Valentin Avram wrote:
Most of the symptoms you describe and the "sudden" falling of more systems does point to a rootkit that was installed on the first compromised machine (FC2). That machine might have been later used to gain access to the other servers in your network.Yes, It sounds like a script kiddies compromise with worm infection too. There are groups of Romanian IRC Script Kiddies rooting RedHat 7.3 servers all over the world for quite a long time. Is there any of this RedHat 7.3 server running wu-ftpd ftp server or a web server with https support?
Do you have any information on what services/ which flaws are exploited and whether RH 7.3 boxes are still vulnerable to those exploits if updated with all updates from the Fedora Legacy Project? Cheers, Juri
Current thread:
- exploit or human Cristian Stanca (Mar 29)
- RE: exploit or human andrew2 (Mar 29)
- Re: exploit or human Kevin Reardon (Mar 30)
- Re: exploit or human Tim (Mar 30)
- Re: exploit or human Valentin Avram (Mar 30)
- Re: exploit or human Victor Calzado (Mar 31)
- Re: exploit or human Eduardo Kienetz (Mar 31)
- Re: exploit or human Juri Haberland (Mar 31)
- Re: exploit or human Victor Calzado (Mar 31)
- Re: exploit or human Ben Nelson (Mar 30)
- RE: exploit or human andrew2 (Mar 29)