I believe that in the wild solaris and linux have been the most common systems exploited, and solaris is the #1 platform that has been seen to be compromised and used to DOS other systems, thus the solaris binaries... Thanks, Ron DuFresne On Wed, 5 Jan 2000 sedwardsat_private wrote: > On Tue, 4 Jan 2000, James Triplett wrote: > > > > Where to find the software: > > > > > > The host-based tool from NIPC may be found at: > > > http://www.fbi.gov/nipc/trinoo.htm > > > > I suppose this is legit. However, they are asking us to run > > AS ROOT, some unknown executable on all our important systems. > > Goes against the most basic security procedures! > > > > No source provided, no way to ensure that this isn't just another trojan... > > (even the fbi.gov site could be hacked, and anyway how do they know what > > is in the executable?) > > > > James > > Running strings on the executable prints out stuff that looks a lot like > the attack client/server. Did they use the source to create their tool? > > This made me anxious enough to wait for a while to see if somebody posted > a warning... > > Also, why no i386 executables or even a mention that the executables they > provided were only for SPARC? > > > Thanks in advance, > ------------------------------------------------------------------------ > Steve Edwards sedwardsat_private Voice: +1-760-723-2727 PST > Newline Pager: +1-888-478-5085 Fax: +1-760-731-3000 > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior consultant: darkstar.sysinfo.com http://darkstar.sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too!
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:56:49 PDT