From: Gavin McCullagh (gavin at domain fiachra.ucd.ie)
Date: Fri 31 Aug 2001 - 14:50:39 IST
On Fri, 31 Aug 2001, Jerry Walsh wrote:
> Thanks for your help everyone - I found out what was causing
> it - the box was rooted last night and the mullet rootkit
> was installed.
Just out of pure interest, do you want to elaborate a little on what that rootkit does?
* Are all you binaries overwritten?
* What exploit did it use?
* How did you notice it (anythign other than the echo thing?)
* what ports were opened up?
If needs be off list, but it seems fairly pertinant to the topic.
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:11:55 GMT