Security Incidents mailing list archives

Re: Compromised...

From: simon.britnell () PEACE COM (Simon Britnell)
Date: Wed, 9 Feb 2000 07:38:19 +1300


We've found a canned exploit called t666.  We can mail the source if you wish.
We got cracked too.  We interrupted some people using an account called web on
one of our systems, so we have their IP addresses from lastlog and some
interesting failures from /var/log/messages if you wish to pursue.  Another
system had the root kit in /usr/\ as described in an earlier post.

Japheth wrote:

So this ADMROCKS must be a mainstream method/kit, but I was unable to find
anything online via normal means.

Please let me know if you come up with anything. Thank you in advance!

Current thread:

DoS Trojan on Solaris, (continued)
- - DoS Trojan on Solaris Roderick Padilla (Feb 02)
    - Re: DoS Trojan on Solaris Ross Mueller (Feb 02)
    - Re: DoS Trojan on Solaris David Brumley (Feb 02)
    - Interesting Probe Rick Magill (Feb 03)
    - Re: DoS Trojan on Solaris Dave Dittrich (Feb 03)
    - Re: DoS Trojan on Solaris Data_surge (Feb 04)
    - Re: DoS Trojan on Solaris Ross Mueller (Feb 03)
    - Compromised... Steve Logan (Feb 07)
    - Re: Compromised... David Bernick (Feb 07)
    - Re: Compromised... Japheth (Feb 07)
    - Re: Compromised... Simon Britnell (Feb 08)
    - Re: Compromised... technot (Feb 09)
    - Re: Compromised... Sebastian (Feb 09)
    - Prank phone calls related to recent break-ins? Nate Carlson (Feb 09)
    - Question about event log events JF Prieur (Feb 08)
    - Re: Compromised... Jose Nazario (Feb 07)
    - Re: Compromised... Jim Kinney (Feb 07)
    - Re: Compromised... Jon Lewis (Feb 07)
    - Re: Compromised... Joshua Krage (Feb 08)
    - Re: Compromised... Rich Burroughs (Feb 09)
    - Re: Compromised... Lane Davis (Feb 07)

(Thread continues...)