Pantek Library

Hosting Provided By

CybrHost

High Speed Hosting

Re: Rooted, .haos on system

From: Mattias Hedenskog <tsixla(at)antisec.net>
Date: Mon Dec 16 2002 - 15:51:17 EST

Hey..
>From what I can see you've been rooted by this "group" called hoax. They
probably just had some rootkit laying around. All very simple. But still you need to take to take action, my guess is that those guys aren't pros. Run chkrootkit (ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz) for backdoors/infected binaries. and you really need to check your local security. I don't know what your situation is like but I would've shut down most of my services/users and start looking for backdoors/traces and such. Feel free to send me those tarballs if you want, I could browse em through quick.

// Mattias Hedenskog

> I've just received word that one of our customers was rooted, and he's

-- 
irc:tsixla@efnet,irscnet
mail:tsixla@antisec.net 
http://tsixla.antisec.net

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: 
http://aris.securityfocus.com

Received on Mon Dec 16 16:21:28 2002

This message: [ Message body ]
Next message: Mike Katz: "Re: Rooted, .haos on system"
Previous message: James C Slora Jr: "RE: Logs: Many hits with source port of 80"
In reply to Damian Gerow: "Rooted, .haos on system"
Next in thread: zeno: "Re: Rooted, .haos on system"
Reply: zeno: "Re: Rooted, .haos on system"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:54 EDT

Contact Us Legal Notices Order Services Online
Pantek Home Privacy Policy IT news Site Map Pantek Library