[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] Hacked Cobalt Servers

Subject: RE: [cobalt-users] Hacked Cobalt Servers
From: "Chuck Lewis" <clewis@xxxxxxxxxx>
Date: Thu Apr 17 12:01:01 2003
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

Well chkroot got done running and I see the following:

Checking `lkm'... You have     1 process hidden for readdir command
You have     1 process hidden for ps command
Warning: Possible LKM Trojan installed
Checking `rexedcs'... not found
Checking `sniffer'...
eth0 is PROMISC
ipsec0 is not promisc
Checking `wted'... nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'...
nothing deleted

So, do I have a problem ?
 
Chuck

-----Original Message-----
From: Kevin  Sent: Wednesday, April 16, 2003 1:36 PM
 
>Just wondering if and how many other cobalt servers have been hacked
>lately, and if by the same group or person?

>Mine was hacked last weekend by Blood Br. Dumped and reloaded from a cmu
>file. There probably was a better way to setup the DNS server, but I did
>it one at a time.

Follow-Ups:
- RE: [cobalt-users] Hacked Cobalt Servers
  - From: Tom Cameron

References:
- [cobalt-users] Hacked Cobalt Servers
  - From: Kevin

Prev by Date: Re: [cobalt-users] RaQ 550 Missing Users
Next by Date: Re: [cobalt-users] thumbs up on Solarspeed.net
Previous by thread: RE: [cobalt-users] Hacked Cobalt Servers
Next by thread: RE: [cobalt-users] Hacked Cobalt Servers

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index