Security Incidents mailing list archives

Re: RedHat 6.2 boxes root'ed, shitc.tgz installed

From: Bill Burge <bill () Burge com>
Date: Fri, 20 Oct 2000 09:20:38 -0700

I've cleaned up three hosts with this on it.  I don't recall in.slogind, but I'll check.

The sshd looked pretty standard, even in the response string.

If I get on one of the hosts this weekend, I'll post the contents of the tgz...

Bill Burge

*********** REPLY SEPARATOR  ***********

On 10/20/00 at 9:30 AM Andreas Östling wrote:

There is a modified sshd /bin/fgry which listens on port 5665
and /bin/in.slogind that listens on port 19000.


What did the output (if any) look like when connecting to these ports?

/Andreas Östling

Current thread:

RedHat 6.2 boxes root'ed, shitc.tgz installed josh (Oct 19)
- Re: RedHat 6.2 boxes root'ed, shitc.tgz installed Scott Nursten (Oct 20)
- Re: RedHat 6.2 boxes root'ed, shitc.tgz installed Andreas Östling (Oct 20)
  - Re: RedHat 6.2 boxes root'ed, shitc.tgz installed josh (Oct 24)
  - Re: RedHat 6.2 boxes root'ed, shitc.tgz installed Bill Burge (Oct 24)
- Re: RedHat 6.2 boxes root'ed, shitc.tgz installed Jeremy Gaddis (Oct 24)