Joey Hess wrote:
> Let's cut it down some..
>
> > cc anatomy.c -o anatomy
> > cc kod.c -o kofd
> > cp kofd kod
> > rm kofd
>
> According to google, kod and kofd are related to the oracle database.
> It's possible this is a coincidence, or he was using these names to try
> to appear innocuous (wei
"Dzuy M. Nguyen" wrote:
> This Linux box was plugged into the same LAN as our company NT Network.
> It wasn't set up to access the NT Network or be involved in it. It just
> gets its TCP/IP signal from the LAN.
And what about the internet connection? Are all of your NT boxes
connected directly
ave scanned the ports of the computers physically
connected on this LAN? Should I be concerned with the security of the
whole office now?
- Original Message -
From: w trillich <[EMAIL PROTECTED]>
To:
Sent: Tuesday, May 02, 2000 6:58 PM
Subject: Re: bash_history from Cracked Computer
Dzuy M. Nguyen wrote:
> Can someone help me figure out this "/.bash_history" from my
> computer that someone cracked into and did some damage.
>
> I'll probably re-install the box, but I'd like to see what they did
> before I destroy it. I've attached the "/.bash_history".
Let's cut it down some
if you run updatedb via cron (or run it from the shell by hand
recently) it'll tell you if you have any of the evil files
on your computer:
locate pscan
locate wuftp
locate bnc2
locate .shit
locate anatomy
locate kod
locate '/b$'
if you find a
That's an awesome trail your cracker left there...!
Does anyone know what 'anatomy' and 'kofd/kod' are? Perhaps the source
is still on the machine in /root/.dead/home/.dead/dead/ (or something
like that)
It looks like he was performing port scans from your machine (./pscan IP
PORT entries). Don't