Re: A friend's cable modem Linux machine just got compromised

From: William N. Zanatta (williamat_private)
Date: Thu May 02 2002 - 06:12:45 PDT

    I'll take my guess: Beastkit. The following is an analysis of a compromised 
    RH 7.2 box; take a look there and compare it with your friend's system.
    
    http://cert.uni-stuttgart.de/forensics/rootkits/beastkit.en.php
    
    William Zanatta
    
    -=[ "When you know Slackware you know Linux. When you know Red Hat, all 
    you know is Red Hat" ]=-
    
    



    This archive was generated by hypermail 2b30 : Thu May 02 2002 - 08:24:53 PDT