Security Incidents mailing list archives
Re: rooted with lots of files in /dev/sdc0/.nfs01
From: felix () BROADBAND HU (Marianovich Felix)
Date: Fri, 25 Feb 2000 11:23:08 +0100
Hello Jeff!
Has anyone seen this?
Yes, once I have same thing. I think you have take a look for the other binaries too. E.g: /bin/login. /bin/ls, ps, netstat, etc. And try move or delete these files. Maybe it won't work. Than look these files attributes with lsattr command. With this command you can filter the compromised files.
Also, ps showed the programs scan and z0ne. But doing a find for those files turned up no results, even after replacing find. However, after rebooting, find found the files.
It is interesting... In my system was changed some of the kernel libs too. Maybe you can change them too. Good luck for it. Felix Marianovich.
Current thread:
- rooted with lots of files in /dev/sdc0/.nfs01 Jeff Macdonald (Feb 23)
- Slow scan on port 109 (pop2/kpop) Keith Owens (Feb 24)
- just how much sunrpc scanning is normal? Jon Burdge (Feb 24)
- Re: just how much sunrpc scanning is normal? Missouri FreeNet Administration (Feb 25)
- Re: just how much sunrpc scanning is normal? Jon Lewis (Feb 25)
- Re: just how much sunrpc scanning is normal? Nathan Nichols (Feb 25)
- Re: just how much sunrpc scanning is normal? Chris Brenton (Feb 26)
- Re: rooted with lots of files in /dev/sdc0/.nfs01 Ken Lyon (Feb 24)
- Re: rooted with lots of files in /dev/sdc0/.nfs01 Marianovich Felix (Feb 25)