Security Incidents mailing list archives
backdoor in freebsd found..
From: Renee Teunissen <renee () wittenburg10c nl>
Date: Sat, 18 Aug 2001 14:25:45 +0200
Hi, A few days ago I checked a clients machine for problems, sinds two userid's where added. After some seaching, a run of nmap I found TCP port 54 to be open and with lsof if found a small backdoor installed as /usr/bin/getty. So far as I can see it's just a simple backdoor, only connecting to it with netcat didnt give me what I tought I should get. Anyone any idears? I've put the "getty" on one of my boss' machines, it can be found on http://sms.pts.nl/renee/getty.gz (4KB). Strings gives me something that could be a userid or something like this. Anyone seen thisone before? And I think they got in using a faulty telnetd. Cheers, Renee. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- backdoor in freebsd found.. Renee Teunissen (Aug 18)
- Re: backdoor in freebsd found.. Rainer Weikusat (Aug 19)