
[cobalt-users] Hacked?



When we run chkrootkit we get:

Checking `chfn'... Not vulnerable
Checking `chsh'... Not vulnerable
Checking `cron'... Not vulnerable
Checking `sshd'... Not vulnerable
Checking `du'... Not vulnerable
Checking `find'... Not vulnerable
Checking `fingerd'... Not vulnerable
Checking `su'... Not vulnerable
Checking `ifconfig'... Not vulnerable
Checking `inetd'... Not vulnerable
Checking `killall'... Not vulnerable
Checking `login'... Not vulnerable
Checking `ls'... Not vulnerable
Checking `netstat'... Not vulnerable
Checking `passwd'... Not vulnerable
Checking `pidof'... Not vulnerable
Checking `ps'... Not vulnerable
Checking `rshd'... Not vulnerable
Checking `syslogd'... Not vulnerable
Checking `tcpd'... Not vulnerable
Checking `top'... Not vulnerable
Checking `telnetd'... Not vulnerable
Checking `asp'... Not vulnerable
Checking `bindshell'... Not vulnerable
Checking `z2'... lastlog entry may be corrupted
Nothing deleted
Checking `wted'... Nothing deleted
Checking `sniffer'... 
eth0 is not promisc
eth0:1 is not promisc
eth0:0 is not promisc
eth0:10 is not promisc
eth0:2 is not promisc
eth0:3 is not promisc
eth0:4 is not promisc
eth0:5 is not promisc
eth0:6 is not promisc
eth0:7 is not promisc
eth0:9 is not promisc
Checking `aliens'... No suspect files
Searching for sniffer's logs, it may take a while... Nothing found
Searching for t0rn's default files and dirs... Nothing found
Searching for Ambient's rootkit (ark) default files and dirs... Nothing found
Searching for suspicious files and dirs, it may take a while... 
/usr/lib/perl5/5.00503/i386-linux/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/GD/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/mod_perl/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/MD5/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Quota/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/XML/Parser/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Devel/Symdump/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/DBI/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Msql-Mysql-modules/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Crypt/CBC/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Crypt/Blowfish/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Crypt/DES/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Mail/POP3Client/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Unicode/String/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Unicode/Map8/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Unicode/Map/.packlist

Searching for Ramen Worm files and dirs... Nothing found
Checking `lkm'... Nothing detected

<then we run it again and get the following:>


Checking `chfn'... Not vulnerable
Checking `chsh'... Not vulnerable
Checking `cron'... Not vulnerable
Checking `sshd'... Not vulnerable
Checking `du'... Not vulnerable
Checking `find'... Not vulnerable
Checking `fingerd'... Not vulnerable
Checking `su'... Not vulnerable
Checking `ifconfig'... Not vulnerable
Checking `inetd'... Not vulnerable
Checking `killall'... Not vulnerable
Checking `login'... Not vulnerable
Checking `ls'... Not vulnerable
Checking `netstat'... Not vulnerable
Checking `passwd'... Not vulnerable
Checking `pidof'... Not vulnerable
Checking `ps'... Not vulnerable
Checking `rshd'... Not vulnerable
Checking `syslogd'... Not vulnerable
Checking `tcpd'... Not vulnerable
Checking `top'... Not vulnerable
Checking `telnetd'... Not vulnerable
Checking `asp'... Not vulnerable
Checking `bindshell'... Not vulnerable
Checking `z2'... lastlog entry may be corrupted
Nothing deleted
Checking `wted'... Nothing deleted
Checking `sniffer'... 
eth0 is not promisc
eth0:1 is not promisc
eth0:0 is not promisc
eth0:10 is not promisc
eth0:2 is not promisc
eth0:3 is not promisc
eth0:4 is not promisc
eth0:5 is not promisc
eth0:6 is not promisc
eth0:7 is not promisc
eth0:9 is not promisc
Checking `aliens'... No suspect files
Searching for sniffer's logs, it may take a while... Nothing found
Searching for t0rn's default files and dirs... Nothing found
Searching for Ambient's rootkit (ark) default files and dirs... Nothing found
Searching for suspicious files and dirs, it may take a while... 
/usr/lib/perl5/5.00503/i386-linux/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/GD/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/mod_perl/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/MD5/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Quota/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/XML/Parser/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Devel/Symdump/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/DBI/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Msql-Mysql-modules/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Crypt/CBC/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Crypt/Blowfish/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Crypt/DES/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Mail/POP3Client/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Unicode/String/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Unicode/Map8/.packlist /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Unicode/Map/.packlist

Searching for Ramen Worm files and dirs... Nothing found
Checking `lkm'... 
you have 2 processes hidden for readdir command
you have 2 processes hidden for ps command
possible LKM Trojan


Why would the results vary? Everything is working fine on the server.

Jeff
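One way to pin down exactly which checks changed between two chkrootkit runs like the ones quoted above. This is an added example, not part of the original post or of chkrootkit; the two inputs are constructed excerpts in the same output format, and `parse_run` and `diff_runs` are names chosen for this example.

```python
import re

# Constructed excerpts in the format of the two runs quoted in the post.
RUN_1 = """\
Checking `ps'... Not vulnerable
Checking `z2'... lastlog entry may be corrupted
Nothing deleted
Checking `sniffer'...
eth0 is not promisc
Searching for Ramen Worm files and dirs... Nothing found
Checking `lkm'... Nothing detected
"""
RUN_2 = RUN_1.replace(
    "Checking `lkm'... Nothing detected",
    "Checking `lkm'...\n"
    "you have 2 processes hidden for readdir command\n"
    "you have 2 processes hidden for ps command\n"
    "possible LKM Trojan",
)

# A test starts with "Checking `name'..." or "Searching for <what>...".
HEADER = re.compile(
    r"^(?:Checking `(?P<check>[^']+)'|(?P<search>Searching for .+?))"
    r"\.\.\.\s*(?P<rest>.*)$"
)

def parse_run(text):
    """Map each test to its result lines; lines without a header continue the previous test."""
    results, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            current = m["check"] or m["search"]
            results[current] = [m["rest"]] if m["rest"] else []
        elif current is not None:
            results[current].append(line)
    return {name: tuple(lines) for name, lines in results.items()}

def diff_runs(first, second):
    """Return {test: (result_in_first, result_in_second)} for tests whose result changed."""
    names = sorted(set(first) | set(second))
    return {n: (first.get(n), second.get(n)) for n in names if first.get(n) != second.get(n)}

if __name__ == "__main__":
    for name, (a, b) in diff_runs(parse_run(RUN_1), parse_run(RUN_2)).items():
        print(f"{name}: {a} -> {b}")
```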



