Security Incidents mailing list archives

Re: strange telnet behavior

From: Gideon Lenkey <glenkey () infotech-nj com>
Date: Wed, 20 Feb 2002 23:41:21 -0500 (EST)

On Tue, 19 Feb 2002, Bryan Andersen wrote:

/* Make a backup. wipe and reload.  Then restore your data only.
/* It has been rooted.  Telnet should not be doing that at all.

You really don't have to wipe and reload to recover from this root kit.
It really doesn't change much. See the instructions in the archive:

        http://online.securityfocus.com/archive/75/249597

--Gideon

*  Gideon J. Lenkey, CISSP     *    PGP Key ID 0x92556BEC *
* InfoTech Associates, Inc.    *         pgp.mit.edu      *



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

strange telnet behavior Vladimir Ivaschenko (Feb 18)
- Re: strange telnet behavior Pavel Kankovsky (Feb 20)
  - Re: strange telnet behavior Vladimir Ivaschenko (Feb 20)
- Re: strange telnet behavior Bryan Andersen (Feb 20)
  - Re: strange telnet behavior Gideon Lenkey (Feb 22)
    - Re: strange telnet behavior Paul Gear (Feb 24)
- Re: strange telnet behavior tfm (Feb 20)
  - Solaris hack Jamie Lawrence (Feb 22)
    - RE: Solaris hack Glenn Pitcher (Feb 24)
    - strange udp packets Jason Robertson (Feb 24)
    - Re: Solaris hack Matt K. (Feb 24)
    - Re: Solaris hack Christopher X. Candreva (Feb 25)
    - Re: Solaris hack Steve Huston (Feb 28)
    - Re: Solaris hack Valdis . Kletnieks (Feb 24)
    - Re: Solaris hack Eric Brandwine (Feb 25)

(Thread continues...)