-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have posted the rootkit and tripwire report online for everyone: http://codepiranha.org/~pakkit/rootkits/nsdap.tar.gz http://codepiranha.org/~pakkit/rootkits/tripwire_report.txt the initial breakin was the result of the dtpscd vulnerability addressed by Sun last month... also, what is not shown in the tripwire report is /tmp/z containing the following: rje stream tcp nowait root /bin/sh sh -i thanks, shawn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (OpenBSD) Comment: For info see http://www.gnupg.org iD8DBQE8bB3k3Qw8DHute6kRAvz9AKCL5ruhSdltCDyWg6yo6B+KL4X5UwCfY7JO 6jHkoCsfSm3n4f7kuOvYOFA= =xd49 -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Feb 14 2002 - 13:59:15 PST