RE: [cobalt-users] Possible LDP Worm...
- Subject: RE: [cobalt-users] Possible LDP Worm...
- From: "Jordan Sharples" <jordan@xxxxxxxxxxx>
- Date: Mon Jul 29 11:01:00 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
* On Mon, 29 Jul 2002, Jordan Sharples wrote:
> >
> > I checked in the archives and only 8 indirect hits. Installed ChkrootKit V
> > pre-0.36 and I have the normal errors in the log file but I cannot find any
> > information on this reported error:
> >
> > "Searching for LPD Worm files and dirs... Possible LPD worm installed"
> >
> > It's a Raq4 with all the updates and I have logged out and back in again
> > (got rid of the 'lkm' message) but I have not rebooted the machine.
> >
> > Do I need some upgrades/patches? Let me know what you think.
>
> I don't know, but my RaQ4 reports
>
> Searching for LPD Worm files and dirs... nothing found
>
> I don't think updates/patches are going to fix it.
> I don't recall what this worm does, look on google for LPD Worm
> I'll look too
>
> _-
> Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
> http://frontstreetnetworks.com | Website Hosts & SOHO Networks
> 229 Front Street, Ste.#C, New Haven, CT. 06513 United States
> voice +1 203-785-0699 | fax +1 203-785-1787
Gerald,

I searched through Google and found several hits but I don't have any of the
other signs of the Ramen Ldp worm. Some of the possibilities were:

/usr/sbin/asp directory - doesn't exist
/etc/xinetd.d/asp - doesn't exist
/usr/sbin/lpd - doesn't exist
/usr/src/.poop - doesn't exist.

Nothing in the /etc/rc.d/rc.sysinit refers to /etc/src/.poop
Nothing in the /etc/inetd.conf refers to /sbin/asp

And my LPR file in the /usr/share/terminfo/l/ directory is the same
date/time as the rest of the files in the same dir (Dec 6/2000).

Jordan.
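
The manual checks listed in the message above, collected into a repeatable script; this is an added example, not code from the thread or from chkrootkit. The function names and output labels are chosen here, the paths are the ones the message names, and GNU `date` is assumed. Because the message does not give the terminfo file's exact name, the date comparison is generalized to every file in `/usr/share/terminfo/l/`.

```shell
#!/bin/sh
# Added example (not from the thread): the manual checks from the message,
# run against a filesystem root such as / or a mounted disk image.

# Paths the message names as possible signs.
IOC_PATHS="/usr/sbin/asp /etc/xinetd.d/asp /usr/sbin/lpd /usr/src/.poop"

# check_paths ROOT: print each listed path that exists under ROOT.
check_paths() {
    for p in $IOC_PATHS; do
        if [ -e "${1%/}$p" ]; then echo "present: $p"; fi
    done
}

# check_refs ROOT: print startup and inetd lines that mention those names.
check_refs() {
    grep -Hn '\.poop' "${1%/}/etc/rc.d/rc.sysinit" 2>/dev/null || true
    grep -Hn '/sbin/asp' "${1%/}/etc/inetd.conf" 2>/dev/null || true
}

# mtime_outliers DIR: print regular files in DIR whose modification day is
# not the directory's most common one (the date comparison in the message).
# Assumes GNU date, which accepts `date -r FILE`.
mtime_outliers() {
    list=$(for f in "${1%/}"/*; do
               if [ -f "$f" ]; then echo "$(date -r "$f" +%Y-%m-%d) $f"; fi
           done)
    common=$(echo "$list" | cut -d' ' -f1 | sort | uniq -c | sort -rn |
             awk 'NR==1 {print $2}')
    echo "$list" | awk -v c="$common" 'NF && $1 != c {print "odd mtime: " $0}'
}

# scan ROOT: run all three checks; returns 1 if anything was reported.
scan() {
    found=$(check_paths "$1"; check_refs "$1"
            mtime_outliers "${1%/}/usr/share/terminfo/l")
    if [ -z "$found" ]; then return 0; fi
    echo "$found"
    return 1
}

# Usage: sh lpdcheck.sh scan [ROOT]   (the file name is a placeholder)
if [ "${1:-}" = "scan" ]; then scan "${2:-/}"; fi
```

A reported line is a prompt to look closer, in the same sense as chkrootkit's "Possible", and an empty result only covers the signs listed in the message.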