[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [linux-security] Re: Bind Overrun Bug and Linux

From: The Nolander <nolander krixor xy org>
To: linux-security redhat com
Subject: Re: [linux-security] Re: Bind Overrun Bug and Linux
Date: Fri, 22 May 1998 19:17:47 +0200 (CEST)

On Tue, 19 May 1998, Leigh Porter wrote:

> It seems that the purpotrator used ncftp to get a file called "hide" from various
> systems which no longer seem to have this. This file contained an archive of
> the trojan's that were inserted into the compromised system - does anybody know
> what is in these trojans?

Check the Linux RootKit ... (LRK)..

Typically LRK to use config-files.. (and typically LRK-users to place
files in /dev.. find /dev -type f | grep -v MAKEDEV.. examine results)

ps
ls
top
netstat
ifconfig
linsniff
login

I think those are the ones included in LRK..

References:
- Re: [linux-security] Bind Overrun Bug and Linux
  - From: Leigh Porter

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]