Security Incidents mailing list archives

Re: LJK2 rootkit?


From: hektor () RZ RWTH-AACHEN DE (Jens Hektor)
Date: Wed, 17 May 2000 07:07:41 -0000


Hi,

Noteworthy: The bad English. The misplaced comma is a
"common" European error, would fit in nicely with the
notes further down.
[...]
1 212.204

This network is owned by a company located in Gevelsberg,
Germany. The other networks are European, American and
Japanese.

Any ideas on whether or not it would be possible to
retrieve the point of origin of the attack? Also, was
this a known package? I haven't been able to
find anything about "LJK2".

Maybe the network above gives the hint.

I think that the package was Linux Root Kit 4 or so
which is in use very often.

LJK2 might be less significant unless you find the
machine of the attacker.

Oh, and while the machine itself has been restored, 
I have a full backup available, so if you have any 
further questions about files etc I'll be glad
to dig them out.

Sent it to DFN-CERT.

Bye, Jens

