
RE: [cobalt-users] Re: corrupt ifconfig



As a temporary fix you can replace the files flagged as compromised and
lock the machine down using wrappers.  It'll keep them out until it's a
convenient time (don't wait too long though).

Michael D. Bathrick
President
BerkshireNet, Inc
126 Fenn Street
Pittsfield, MA 01201
(413) 442-7805


-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx] On Behalf Of Matt
Sent: Saturday, March 22, 2003 1:22 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-users] Re: corrupt ifconfig

Yeah, that is what Jean installed "chkrootkit" and that is how he found
the "infected" ifconfig file. The box must have been hacked. Anyway, I
guess I am just going to have to rebuild.

Matt

-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx] On Behalf Of Bruce
Timberlake
Sent: Saturday, March 22, 2003 9:31 AM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: [cobalt-users] Re: corrupt ifconfig


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> ifconfig is a binary, how could he edit or change it.
> I doubt that it is corrupt, if it is get a copy and replace it.

Could it be a trojaned binary? Someone might have hacked the box to 
run a traffic sniffer or something (putting eth0 in promisc etc) and 
the modified ifconfig was meant to hide that fact...?

Might want to install chkrootkit and see if it shows anything... 
(www.cobaltfaqs.com)

- -- 
Bruce Timberlake

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+fJ3hvLA2hUZ9kgwRAtwdAJ4xNG8yUYmdg6LTaojohM1jwKrSMACfUwDL
0TpDqVTn5+l8Ov56txTBUvs=
=Cf74
-----END PGP SIGNATURE-----


_____________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users
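
The thread's concern is a replaced ifconfig that hides an interface in promiscuous mode. The following is an added example, not part of any message in the thread: it reads interface flags directly from the kernel instead of trusting the ifconfig binary. It assumes a Linux kernel that exposes `/sys/class/net/<iface>/flags`; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: list interfaces the kernel reports as promiscuous, read
# straight from sysfs so the (possibly replaced) ifconfig binary is not used.
# Assumption: the kernel exposes /sys/class/net/<iface>/flags as a hex word.

IFF_PROMISC=256   # 0x100, IFF_PROMISC in <linux/if.h>

# is_promisc FLAGS
# Exit 0 if the IFF_PROMISC bit is set in FLAGS (e.g. 0x1103),
# 1 if it is clear, 2 if FLAGS is not a well-formed hex word.
is_promisc() {
    case "$1" in
        0x*[!0-9a-fA-F]*) return 2 ;;   # stray characters after 0x
        0x?*) ;;                        # looks like 0x<hex digits>
        *) return 2 ;;
    esac
    [ $(( $1 & IFF_PROMISC )) -ne 0 ]
}

# promisc_ifaces [ROOT]
# Print the name of every interface under ROOT whose flags word has
# IFF_PROMISC set. ROOT defaults to /sys/class/net; passing another
# directory lets the function run against a copied or constructed tree.
promisc_ifaces() {
    root="${1:-/sys/class/net}"
    for dir in "$root"/*; do
        [ -r "$dir/flags" ] || continue
        read -r flags < "$dir/flags" || continue
        if is_promisc "$flags"; then
            basename "$dir"
        fi
    done
    return 0
}

# Report on the live system when the script is run.
promisc_ifaces
```

A kernel-level rootkit can falsify this view as well, so the result is most trustworthy when the shell itself comes from known-good media.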

