[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Trinoo DDoS server in init

Subject: Re: [cobalt-users] Trinoo DDoS server in init
From: inc@xxxxxxxxxxxxx
Date: Thu Feb 15 00:16:10 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

> I was hacked a few days ago, and it looks as though my /usr/sbin/init file
> has been replaced with a version containing a Trinoo DDoS server. The init
> file /sbin/init appears untouched however. Is /sbin/init the same file as
> /usr/sbin/init, or are they different. If they are different, could
someone
> possibly attach a clean version to an e-mail or put it up on a web site
etc?
>



[root@www /root]# ls -l /usr/sbin/init
ls: /usr/sbin/init: No such file or directory

[root@www /root]# ls -l /sbin/init
-rwxr-xr-x   1 root     root        27176 Apr 25  2000 /sbin/init

[root@www /root]# md5sum /sbin/init
5a64a78a799ab2e0cc3c8a6f931ab2f4  /sbin/init  <== could someone else verify?


other md5 checksums here:

http://list.cobalt.com/pipermail/cobalt-users/2001-February/032902.html

Follow-Ups:
- RE: [cobalt-users] Trinoo DDoS server in init
  - From: Tony

References:
- [cobalt-users] Trinoo DDoS server in init
  - From: Roger Dunk

Prev by Date: [cobalt-users] IMPORTANT - POSSIBLE HACKS WITH PATCHES!!
Next by Date: [cobalt-users] RE: how get browser to display http://domain.com not http://www.domain.com once on home page?
Previous by thread: [cobalt-users] Trinoo DDoS server in init
Next by thread: RE: [cobalt-users] Trinoo DDoS server in init

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index