/etc/ld.so.preload was: strange telnet behavior

From: Jens Hektor (hektorat_private-aachen.de)
Date: Tue Feb 19 2002 - 22:00:09 PST

    In-Reply-To: <20020218161308.A26890at_private>
    
    Hi.
    
    The fact that /etc/ld.so.preload is successfully opened
    reminds me of some machines cracked lately at our site.
    
    In the preload file there was a lib listed (libshow) that
    successfully hid itself as well as other files/processes/...
    
    Have a check with a bootable (recovery) CD on that system,
    what is loaded via the preload.
    
    Bye, Jens Hektor
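
The offline check suggested in the message above, as an added example that is not part of the original post: a shell function that lists what a mounted root's /etc/ld.so.preload would load, using the rescue CD's own tools rather than the suspect system's. The mount point argument and the status labels are assumptions; entry splitting follows glibc's handling of the file (whitespace or colon separators, `#` comments).

```shell
#!/bin/sh
# Added example: inspect /etc/ld.so.preload of a suspect system that is
# mounted (ideally read-only) under ROOT while booted from recovery media.
# Run from the rescue environment so a preloaded library on the suspect
# disk cannot filter the results.

# list_preload ROOT
# Prints one line per preload entry: STATUS<TAB>ENTRY
#   present      absolute path that exists under ROOT
#   missing      absolute path listed but not found under ROOT
#   search-path  bare name; the loader would look it up in its library dirs
# Prints "no-preload-file" if ROOT/etc/ld.so.preload does not exist.
list_preload() {
    root=${1%/}                      # "/mnt/suspect/" -> "/mnt/suspect"
    file="$root/etc/ld.so.preload"
    if [ ! -e "$file" ]; then
        echo "no-preload-file"
        return 0
    fi
    # Drop comments, then split on spaces, tabs and colons.
    sed 's/#.*//' "$file" | tr ' \t:' '\n\n\n' | while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        case $entry in
            /*)
                # -L also catches symlinks whose target only resolves
                # inside the suspect root, not in the rescue system.
                if [ -e "$root$entry" ] || [ -L "$root$entry" ]; then
                    status=present
                else
                    status=missing
                fi
                ;;
            *)
                status=search-path
                ;;
        esac
        printf '%s\t%s\n' "$status" "$entry"
    done
}

# Stand-alone use: pass the mount point of the suspect root (assumed path).
if [ "$#" -gt 0 ]; then
    list_preload "$1"
fi
```

On most installations the file is absent or empty, so every entry reported is worth examining; copy each `present` library off the disk for analysis before cleaning up.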
    
    



    This archive was generated by hypermail 2b30 : Wed Feb 20 2002 - 15:08:58 PST