[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] Re: corrupt ifconfig
- Subject: RE: [cobalt-users] Re: corrupt ifconfig
- From: "Matt" <mattm@xxxxxxxxxx>
- Date: Sat Mar 22 10:23:01 2003
- Organization: Parcom Internet Web Hosting
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Yeah, that is what Jean installed "chkrootkit" and that is how he found the
"infected" ifconfig file.. The box must have been hacked.. Anyway,, I guess
I am just going to have to rebuild..
Matt
-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx] On Behalf Of Bruce Timberlake
Sent: Saturday, March 22, 2003 9:31 AM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: [cobalt-users] Re: corrupt ifconfig
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> ifconfig is a binary, how could he edit or change it.
> I doubt that it is corrupt, if it is get a copy and replace it.
Could it be a trojaned binary? Someone might have hacked the box to
run a traffic sniffer or something (putting eth0 in promisc etc) and
the modified ifconfig was meant to hide that fact...?
Might want to install chkrootkit and see if it shows anything...
(www.cobaltfaqs.com)
- --
Bruce Timberlake
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+fJ3hvLA2hUZ9kgwRAtwdAJ4xNG8yUYmdg6LTaojohM1jwKrSMACfUwDL
0TpDqVTn5+l8Ov56txTBUvs=
=Cf74
-----END PGP SIGNATURE-----
_____________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users