Security Incidents mailing list archives
Re: Korea (was RE: ?)
From: phorlakh () CENTURYTEL NET (Joe User)
Date: Tue, 1 Feb 2000 17:48:57 -0600
Actually, ADM [or a variant of it] drops an entry in inetd.conf which puts up a service as /bin/sh to port 2222. The only thing I can think of for them putting this in in the manner which it's there would be to basically make the system "wide open" as kind of a boast. Either that or it was just a quick idea someone in the think tanks threw out.

Atralakh Information Archives: ftp://atralakh.darktech.org
Atralakh Haven: telnet://atralakh.darktech.org:2300
My home page: http://home.centurytel.net/kronovohr/
E-mail: kronovohr<at>centurytel<dot>net

push ax,dx xor dx,dx pop ax push computer,out_window
db 09 FF F8 F7 2E 0H SH 1T !!

On Tue, 1 Feb 2000, Jon Lewis wrote:

> On Thu, 27 Jan 2000, R a v e N wrote:
>
> > A telnet backdoor on such a (relatively) low port that automatically drops you to a rootshell? This just proves how insecure educational institutes in eastern Asia are. They get cracked by such a bunch of amateur crackers.
>
> No country has a monopoly on this. I've seen exactly the same thing on dozens of boxes spread all over the world (US, AU, CN, CL, JP, DE, KR, SG and the list goes on). Why such primitive backdoors are used is somewhat of a mystery. In some cases, it's as simple as running /bin/sh from a line inserted in inetd.conf. In others, it's actually a replaced inetd or new daemon installed that spawns a shell with no authentication when connected to on a certain port.
>
> ----------------------------------------------------------------------
>  Jon Lewis *jlewis () lewis org*|  Spammers will be winnuked or
>  System Administrator        |  nestea'd...whatever it takes
>  Atlantic Net                |  to get the job done.
> _________http://www.lewis.org/~jlewis/pgp for PGP public key__________
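Added example, not part of the original messages: a check for the inetd.conf case described in this thread, flagging any active entry whose server program (or the argv[0] handed to a wrapper such as tcpd) is a shell. The function name, the shell list and the sample file are assumptions constructed for illustration.

```python
import os

# Interpreters that should never be the server program of an inetd service
# (assumed list; extend for the shells installed on your systems).
SHELLS = {"sh", "bash", "csh", "tcsh", "ksh", "zsh", "ash", "dash"}

# Constructed sample inetd.conf, not taken from any real host.
SAMPLE_INETD_CONF = """\
# <service> <socktype> <proto> <wait> <user> <server> <args>
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
shell   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
2222    stream  tcp     nowait  root    /bin/sh         sh -i
time    stream  tcp     nowait  root    internal
"""


def find_shell_services(conf_text):
    """Return (line_no, service, user, server) for entries that exec a shell."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out entry
        fields = line.split()
        if len(fields) < 6:
            continue  # incomplete line, not a usable service entry
        service, user, server = fields[0], fields[4], fields[5]
        argv0 = fields[6] if len(fields) > 6 else ""
        # Compare the server path and argv[0]: a wrapper such as tcpd runs
        # the program named by argv[0], so a shell can hide behind it.
        names = {os.path.basename(server), os.path.basename(argv0).lstrip("-")}
        if names & SHELLS:
            findings.append((line_no, service, user, server))
    return findings


if __name__ == "__main__":
    for line_no, service, user, server in find_shell_services(SAMPLE_INETD_CONF):
        print(f"line {line_no}: service {service} runs {server} as {user}")
```

The legitimate rsh entry (service name "shell") is not flagged because the match is on the program executed, not the service name. This covers only the inetd.conf case; the replaced inetd or separate daemon mentioned in the quoted reply needs file-integrity checks and a review of listening ports instead.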