Re: [cobalt-users] RaQ 4R Hack ifconfig
- Subject: Re: [cobalt-users] RaQ 4R Hack ifconfig
- From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat May 4 07:04:01 2002
- Organization: Front Street Networks LLC
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Saturday 04 May 2002 08:53 am, Hans Hoefer wrote:
> Hi all,
>
> I had an intruder who placed some root-kits on my RaQ 4.
> We found about 1.5 MB hacker stuff like bobkit, th0rnkit v9
>
> Ifconfig looked a little strange. How many entries does ifconfig have?
> I found about 250 like this one:
>
> eth0:254 Link encap:Ethernet HWaddr 00:10:E0:01:CE:5D
> inet addr:62.116.36.254 Bcast:1.2.3.4 Mask:255.0.0.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> Interrupt:11 Base address:0x6200
>
> Is this normal?
Do you use 254 IP addresses? Is your mask really 255.0.0.0?
The one above is for 1.2.3.254, looks OK
But look, if you have been hacked, you have two choices:
1) hire a security expert to clean the system...
2) restore the system...
Either way, try to make sure you have your web sites backed up.
--
Gerald Waugh : Registered Linux user # 255245
http://www.frontstreetnetworks.com
Front Street Networks LLC - ph. 203.785.0699
229 Front Street, Ste. #C, New Haven, CT, United States of America
10:00am up 43 days, 17:27, 3 users, load average: 1.12, 1.18, 1.30
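
An added example, not part of the original message: a small Python check that parses net-tools style ifconfig output like the stanza quoted above, counts alias interfaces, and compares each Bcast value with the broadcast address implied by inet addr and Mask. The sample text is constructed (the first stanza repeats the quoted alias, the second is made up), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the net-tools ifconfig format quoted in the thread.
# First stanza repeats the quoted alias; the second is a made-up, consistent one.
SAMPLE = """\
eth0:254  Link encap:Ethernet  HWaddr 00:10:E0:01:CE:5D
          inet addr:62.116.36.254  Bcast:1.2.3.4  Mask:255.0.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0:1    Link encap:Ethernet  HWaddr 00:10:E0:01:CE:5D
          inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
"""

STANZA = re.compile(r"^(\S+)\s+Link encap:", re.M)   # first line of a stanza
INET = re.compile(r"inet addr:(\S+)\s+Bcast:(\S+)\s+Mask:(\S+)")


def audit_ifconfig(text):
    """Return (name, addr, problems) for every stanza with an IPv4 address."""
    results = []
    starts = [m.start() for m in STANZA.finditer(text)] + [len(text)]
    for begin, end in zip(starts, starts[1:]):
        block = text[begin:end]
        name = STANZA.match(block).group(1)
        m = INET.search(block)
        if not m:
            continue  # interface without an IPv4 address line
        addr, bcast, mask = m.groups()
        # strict=False: derive the network from a host address plus netmask
        net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        problems = []
        if ipaddress.ip_address(bcast) != net.broadcast_address:
            problems.append(f"Bcast {bcast} != expected {net.broadcast_address}")
        results.append((name, addr, problems))
    return results


def alias_count(text):
    """Count alias stanzas (names of the form ethN:M)."""
    return sum(1 for m in STANZA.finditer(text) if ":" in m.group(1))


if __name__ == "__main__":
    print("aliases:", alias_count(SAMPLE))
    for name, addr, problems in audit_ifconfig(SAMPLE):
        print(name, addr, "; ".join(problems) or "consistent")
```

On a host suspected of having a rootkit, the installed ifconfig binary may itself have been replaced, so run the check on output captured with known-good tools.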