Security Incidents mailing list archives
Re: Compromised...
From: simon.britnell () PEACE COM (Simon Britnell)
Date: Wed, 9 Feb 2000 07:38:19 +1300
We've found a canned exploit called t666. We can mail the source if you wish. We got cracked too. We interrupted some people using an account called web on one of our systems, so we have their IP addresses from lastlog and some interesting failures from /var/log/messages if you wish to pursue. Another system had the root kit in /usr/\ as described in an earlier post. Japheth wrote:
So this ADMROCKS must be a mainstream method/kit, but I was unable to find anything online via normal means. Please let me know if you come up with anything. Thank you in advance!
Current thread:
- DoS Trojan on Solaris, (continued)
- DoS Trojan on Solaris Roderick Padilla (Feb 02)
- Re: DoS Trojan on Solaris Ross Mueller (Feb 02)
- Re: DoS Trojan on Solaris David Brumley (Feb 02)
- Interesting Probe Rick Magill (Feb 03)
- Re: DoS Trojan on Solaris Dave Dittrich (Feb 03)
- Re: DoS Trojan on Solaris Data_surge (Feb 04)
- Re: DoS Trojan on Solaris Ross Mueller (Feb 03)
- Compromised... Steve Logan (Feb 07)
- Re: Compromised... David Bernick (Feb 07)
- Re: Compromised... Japheth (Feb 07)
- Re: Compromised... Simon Britnell (Feb 08)
- Re: Compromised... technot (Feb 09)
- Re: Compromised... Sebastian (Feb 09)
- Prank phone calls related to recent break-ins? Nate Carlson (Feb 09)
- DoS Trojan on Solaris Roderick Padilla (Feb 02)
- Question about event log events JF Prieur (Feb 08)
- Re: Compromised... Jose Nazario (Feb 07)
- Re: Compromised... Jim Kinney (Feb 07)
- Re: Compromised... Jon Lewis (Feb 07)
- Re: Compromised... Joshua Krage (Feb 08)
- Re: Compromised... Rich Burroughs (Feb 09)
- Re: Compromised... Lane Davis (Feb 07)