Security Incidents mailing list archives
Re: strange telnet behavior
From: "Raistlin" <raistlin () s0ftpj org>
Date: Thu, 21 Feb 2002 15:58:26 +0100
Hi, see http://www.securityfocus.com/archive/75/249597
I'd like to add that we had a similar incident and there was also an eggdrop directory (which does not appear in the original rootkit) and the eggdrop process was masked as well. We stumbled into it by chance because a user ran an eggdrop and did not see his process anymore ^_^

Raistlin
S0ftPj - Digital Security for Y2K