Security Incidents mailing list archives

Re: DoS Trojan on Solaris


From: dittrich () CAC WASHINGTON EDU (Dave Dittrich)
Date: Thu, 3 Feb 2000 16:46:40 -0800


On Wed, 2 Feb 2000, Roderick Padilla wrote:

> It was discovered that the following programs had trojan replacements:
> /usr/lib/nfs/lockd
> /usr/lib/nfs/statd
> /usr/openwin/bin/rpc.ttdbserverd
> /usr/bin/login
> /usr/bin/ps
> /usr/bin/inetd
> /usr/sbin/in.rlogind
> /usr/sbin/login

Sorry I wasn't reading this folder sooner, but I have a paper on root
kits that explains some things (and ways to get around them - if anyone
else knows of others, let me know):

        http://staff.washington.edu/dittrich/misc/faqs/rootkits.faq

David Brumley also has an article in the September (I believe) issue of
;login: magazine.

--
Dave Dittrich                 Client Services
dittrich () cac washington edu   Computing & Communications
                              University of Washington

<a href="http://www.washington.edu/People/dad/">
Dave Dittrich / dittrich () cac washington edu [PGP Key]</a>

PGP 6.5.1 key fingerprint:
FE 97 0C 57 08 43 F3 EB  49 A1 0C D0 8E 0C D0 BE  C8 38 CC B5


