Subject: Re: I Was rooted
From: Michal Nazarewicz (cefek CAREER.PL)
Date: Sat Jul 22 2000 - 06:43:19 CDT
- Maybe in reply to: Andrew Heath: "I Was rooted"
- Maybe reply: Michal Nazarewicz: "Re: I Was rooted"
Monday, Andrew Heath wrote:
AH>as well as the sshd and sshd2, which seems a bit strange. Things that it
AH>does that don't make sense to me include trojaning named, stopping and
AH>deleting portmap, smbd, and nmbd, and removing the imap entry from
AH>inetd.conf. It also adds a binary "myserver" into lib which seems to be a
That's kind of a kiddie security tightening. This script blindly deletes
services that may contain security holes. Crackers don't like it when
somebody else gets after their owned machine, so the best way to
accomplish this is -- to remove potentially exploitable holes.
Could you please upload this rootkit to any website?
--
Michal 'CeFeK' Nazarewicz / CAOL, DK GROUP SYSADMIN ^ NETADMIN B
ICQ 47171266 / +48 (601) CEFEK 0 / http://www.dkgroup.pl/index.html O
mailto:cefek at saydk dot co dot uk / MN4735-RIPE / Pengiun #164007 F
The best way to accelerate a Macintoy is 9.8 meters per second, squared. H