RE: [cobalt-users] [RaQ3] Kernel IP routing table HACKED?
- Subject: RE: [cobalt-users] [RaQ3] Kernel IP routing table HACKED?
- From: "Curtis Ross" <Curtis_Ross@xxxxxx>
- Date: Fri Jul 27 05:52:23 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> >> -----Original Message-----
> >> From: enriquevega@xxxxxxx@CPR
> >> Sent: Thursday, July 26, 2001 9:55 AM
> >> To: cobalt-users@xxxxxxxxxxxxxxx
> >> Subject: Re: [cobalt-users] [RaQ3] Kernel IP routing table HACKED?
> >
> > <snip>
> >>>> My RaQ3 was recently hacked by Dwarf. I was notified by a change to an...
> >>> ...
> >>>> 169.254.183.37 which seems to end up at blackhole.isi.edu.
> >>>>
> >> Hmm, then I definitely have been hacked!
> > <snip>
> >
> > I would check with your ISP and see if they are using that IP for
> > hardware routing. It may not have any relationship with you being
> > hacked.
>
> I did, and they said 169.254.183.37 has nothing to do with their network. So
> what can I do to find the script which loads this ip address during bootup?
>
> enrique
Do me a favor and do a traceroute to cpr.ca from the machine in
question. Only need the first 6 hops or so.
Curtis