Security Incidents mailing list archives
/etc/ld.so.preload was: strange telnet behavior
From: Jens Hektor <hektor () rz rwth-aachen de>
Date: 20 Feb 2002 06:00:09 -0000
In-Reply-To: <20020218161308.A26890 () francoudi com> Hi. The fact that /etc/ld.so.preload is successfully opened reminds me of some machines cracked lately at our site. In the preload file there was a lib listed (libshow) that successfully hided itself as well as other files/processes/... Have a check with a bootable (recovery) CD on that system, what is loaded via the preload. Bye, Jens Hektor ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- /etc/ld.so.preload was: strange telnet behavior Jens Hektor (Feb 20)