Security Incidents mailing list archives

Re: Help with compromised linux box.


From: Erik Tayler <nine () 14X NET>
Date: Sun, 17 Sep 2000 23:01:32 -0500

You were infected with the DDoS client/server Stacheldraht.

( /dev/chr/stachel[draht] )

I would be happy to take a look at the tarball for you. Do you have
specs such as which distribution of Linux you use, running services, et
cetera? Anyway, send along the tarball.

Erik Tayler
http://www.14x.net
http://www.digitaloffense.net


My Linux box was compromised a couple of weeks ago. Once I noticed this, I removed it from the Internet
and began trying to figure out what this person did. I've found a program that was hidden in /dev/chr/stachel/

