Re: [ILUG] Very strange problem

From: Gavin McCullagh (gavin at domain fiachra.ucd.ie)
Date: Fri 31 Aug 2001 - 14:50:39 IST

• Next message: Ross Lynch: "RE: [ILUG] craeting 100 users"
• Previous message: Jerry Walsh: "Re: [ILUG] Very strange problem"
• In reply to: Jerry Walsh: "Re: [ILUG] Very strange problem"
• Next in thread: Jerry Walsh: "Re: [ILUG] Very strange problem"
• Reply: Jerry Walsh: "Re: [ILUG] Very strange problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

On Fri, 31 Aug 2001, Jerry Walsh wrote:

> Thanks for your help everyone - I found out what was causing
> it - the box was rooted last night and the mullet rootkit
> was installed.

Just out of pure interest, do you want to elaborate a little on what that rootkit does?
        * Are all you binaries overwritten?
        * What exploit did it use?
        * How did you notice it (anythign other than the echo thing?)
        * what ports were opened up?

If needs be off list, but it seems fairly pertinant to the topic.

Gavin

• Next message: Ross Lynch: "RE: [ILUG] craeting 100 users"
• Previous message: Jerry Walsh: "Re: [ILUG] Very strange problem"
• In reply to: Jerry Walsh: "Re: [ILUG] Very strange problem"
• Next in thread: Jerry Walsh: "Re: [ILUG] Very strange problem"
• Reply: Jerry Walsh: "Re: [ILUG] Very strange problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:11:55 GMT