From: Fred Cummins (fred.cummins at domain ucd.ie)
Date: Mon 20 Aug 2001 - 16:05:00 IST
>
> On Mon, Aug 20, 2001 at 10:58:06AM +0100, Fred Cummins wrote:
>
> > found it by using 'locate puta', as t0rn and its attendant files
> > generally live in a directory called '.puta' which doesn't show up using
> > 'ls -a'. I had an up-to-date set of BIND utilities, so I don't know how
>
> Why would a directory called .puta not show up in a ls -a listing ? (Unless
> of course the cracker had installed a customised ls)
t0rn includes a customized ls, ps etc. However they forgot some
utilities. I assume 'find' is one:)
>
> > this bugger got in, and I notice the files were modified by a German.
>
> What lets you make this assumption ?
Comments and the renamed files (e.g. t0rnsauber in place of
t0rnclean....)
The box has been completely stripped and reinstalled. I'd be interested
to know if anyone else is hit by this, and what the entry point was.
-- ........................................................................ --> mail: Dr Fred Cummins, Dept of Computer Science, U.C.D, Dublin 4 --> email: fred.cummins at ucd.ie --> www: gahu.ucd.ie/~fred --> phone: +353-(0)1-7162902 ........................................................................
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:11:44 GMT