[cobalt-users] [raq4r] how is it possible ??? Linux.OSF.8759 ?
- Subject: [cobalt-users] [raq4r] how is it possible ??? Linux.OSF.8759 ?
- From: "Bob Lenaerts" <bob@xxxxxxxxxx>
- Date: Tue Jun 24 03:44:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Hi all,
I've got everything to prevent viruses.
Solarspeed's av suite, and mailscanner etc...
Now I've got Linux.OSF.8759, which has infected the whole /bin dir.
Anyway...
How is this possible ??
In /var/tmp there were dirs installed, e.g.: httpd.root .tmp, and
.mail
I've got them removed, and then the shit started.
A friend of mine fixed procmail, but chkrootkit reported that port 3049
of bindshell is still infected.
But how is this possible ?
Is that done from the inside or outside ?
Is a hardware firewall a better thing to buy, to prevent this from
happening ?
I guess I must do an OS restore to get everything out!
But I have another up-to-date raq4r which is not infected whatsoever,
and installed everything Michael ever installed:
1) av suite
2) mrtg
3) mailscanner etc...
Is it possible to get the second disk out of that uninfected machine,
put it in a new raq4, and let the 2 disks sync as equal?
Then get all the vsites and users OUT, and have an up to date (clean of
users) machine ?
Many thanks for your input
Bob Lenaerts