Security Incidents mailing list archives

Re: AMDROCKS

From: jst () INTEGRITY COM (J. S. Townsley)
Date: Fri, 26 May 2000 12:31:07 -0700


Please review the following.

http://www.cert.org/current/current_activity.html#bind

--JST

On Fri, 26 May 2000, Alejandro wrote:

Date: Fri, 26 May 2000 09:06:09 -0300
From: Alejandro <aflores () PCR RECIFE PE GOV BR>
To: INCIDENTS () SECURITYFOCUS COM
Subject: Re: AMDROCKS

      Hi,

      Recently I discovered a folder called ADMROCKS located on my
server inside /var/named, and I can't figure it out, how it was made, if I
was hacked, or if my machine is compromissed... Other strange thing was
that I discovered a line on /etc/inetd.conf invoking an interactive shell
owned by root. Im using linux redhat 6.1.

Thanks a lot,
Alejandro

Hi,

I have a Cobalt RaQ3 that some jerk messed up with
AMDROCKS. Can anyone tell me about it?

Has Cobalt done anything about this security weakness?

Thanks,

Jim


--
J. S. Townsley                          Senior System Administrator
jst () integrity com

Current thread:

invalid icmp in linux?, (continued)
- - - invalid icmp in linux? Eric LeBlanc (May 27)
    - Re: invalid icmp in linux? Jose Nazario (May 28)
    - weird scan pattern Joe H (May 28)
    - Re: weird scan pattern Russell Fulton (May 29)
    - IDS: Scan of the week Lance Spitzner (May 30)
    - 5 scans of 12345 in a couple of hours. AUSCERT#36349 Russell Fulton (May 31)
    - Taiwan server compromise Claudiu Costin (May 26)
    - Re: Taiwan server compromise Vortex (May 26)
    - port 44767 activity Nathan Fain (May 28)
    - Re: AMDROCKS Alejandro (May 26)
    - Re: AMDROCKS J. S. Townsley (May 26)
    - Re: AMDROCKS Lance Spitzner (May 26)
    - Re: AMDROCKS Matthew F. Caldwell (May 26)
    - CERT's Handbook for Computer Security Incident Response Teams (CSIRTs) Elias Levy (May 26)