
Re: [cobalt-users] pkg.nl.cobalt - Open SSH



We had a machine rooted on Saturday.  While I watched in fact, but there
wasn't anything I could do about it; it happened too quickly <frown>.  I
noticed it when I couldn't get pop email anymore.

EVERY command-line utility was replaced.  So you couldn't see anything
wrong if you used them.


So how did you know you were compromised? How did they get in? (I'm asking because I'm trying to learn to identify the signs....)


I have a copy of the rootkit, it was left on the machine for others to
download <frown>, but I don't think I'm going to give it to anyone.

Did you/are you going to just do a fresh restore?

Thanks

Brandon
