Security Incidents mailing list archives
Re: strange telnet behavior
From: Paul Gear <paulgear () bigfoot com>
Date: Sat, 23 Feb 2002 07:09:01 +1000
Gideon Lenkey wrote:
On Tue, 19 Feb 2002, Bryan Andersen wrote:

/* Make a backup. wipe and reload. Then restore your data only.
/* It has been rooted. Telnet should not be doing that at all.

You really don't have to wipe and reload to recover from this root kit. It really doesn't change much. See the instructions in the archive:
http://online.securityfocus.com/archive/75/249597

Those instructions may be sufficient for cleaning up the residue of the *attack*, but because it's a root kit, they could have done anything to the system. Unless you know _exactly_ what they've done (which is highly unlikely unless you're running full auditing), standard practice after any root compromise should be to reinstall and restore from backup.

Paul
http://paulgear.webhop.net

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com