Re: Automated ssh scanning

[Tremaine <tremaine () gmail com>]

On Fri, 27 Aug 2004 13:40:01 +1200, VeNoMouS <venom () gen-x co nz> wrote:
> lol the amount of people still trying to work out what these binarys are is
> amusing, i already broke down what each package was and mailed it to full
> disclosure over 24hrs ago, dont you people read threads?
>
> I'll post it again.....
>
> www.bo2k-rulez.net/a
> kernel do_brk exploit by isec -
> http://www.k-otik.com/exploits/12.05.hatorihanzo.c.php, infected with rst.b
> , which when run tries to connect to 207.66.155.21 on port 80
> requesting /~telecom69/gov.php which is offline.
>
>
> www.corbeanu.as.ro/t.gz
> Ptrace/kmod kernel exploit by isec -
> http://www.k-otik.com/exploits/03.30.kernel.c.php
>
> http://roarmy.com/god.tgz
> root kit with backdoor'd ssh listens on port 26000 which replaces smbd
> binary, loggin of the ssh connections goes to /usr/include/iceconf.h , also
> has a crappy tcp sniffer which logs to /usr/lib/libice.log,and a syn flooder
>
> ***** backdoor password for this ssh door is ice4budu
>
> www.generatiapro.go.ro/fast.tgz
> emech setup for undernet to join #tty.

Yep, some of us saw this ;)  Thanks for having taken the time,
duplication of effort is so boring!

Cheers,

-- 
Tremaine
IT Security Consultant

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html