Re: please read: very odd network traffic

2001-08-08 Thread P Kirk
On 0, Allen Wayne Best <[EMAIL PROTECTED]> wrote:
>On Wednesday 08 August 2001 01:53, P Kirk pronounced:
>> >
>> >No offense intended, but this is some of the WORST advice I've heard on
>> >this list to date.
>> >
>> >If you fear you may have been compromised, by all means, and for the
>> >love of

Re: please read: very odd network traffic

2001-08-08 Thread Allen Wayne Best
On Wednesday 08 August 2001 01:53, P Kirk pronounced:
> >
> >No offense intended, but this is some of the WORST advice I've heard on
> >this list to date.
> >
> >If you fear you may have been compromised, by all means, and for the
> >love of us all, unplug your network cable at once. If for no othe

Re: please read: very odd network traffic

2001-08-08 Thread P Kirk
>
>No offense intended, but this is some of the WORST advice I've heard on
>this list to date.
>
>If you fear you may have been compromised, by all means, and for the
>love of us all, unplug your network cable at once. If for no other
>reason than this: Your system could possibly be launching attac

Re: please read: very odd network traffic

2001-08-07 Thread Vineet Kumar
* P Kirk ([EMAIL PROTECTED]) [010807 12:32]:
> Saw something similar in a FreeBSD box once. It was a trojan ftp
> daemon that started off some obscure user like sysgetty or some other
> "official" looking name. The RAID had 36 gigs of mp3s and porn.
>
> You might want to back up your data and re

Re: please read: very odd network traffic

2001-08-07 Thread Thomas Zimmerman
On 07-Aug 08:29, P Kirk wrote:
[snip]
> killa.bat says killall ftpd and call killb.bat and killb does the same
> in reverse.
>
> I know someone must have a neat shell script that does this?
> --
> [a bash script]

$while true; do killall ftpd; sleep 1; done;

Thomas

Re: Fwd: Re: please read: very odd network traffic

2001-08-07 Thread John Galt
On Tue, 7 Aug 2001, William Leese wrote:
>On Tuesday 07 August 2001 18:59, Dave Sherohman wrote:
>> On Tue, Aug 07, 2001 at 06:53:38PM +0200, William Leese wrote:
>> > there's more though. but again i'm not sure.. for the first time i've
>> > seen a few odd requests being logged in boa, just a sma

Re: please read: very odd network traffic

2001-08-07 Thread P Kirk
>Uh... Why? Wouldn't it be simpler to just shut down the ftp service
>(either /etc/init.d/ftpd stop or comment it out in inetd.conf and then
>/etc/init.d/inetd restart), work on it, and restart the service?

Because, being a trojan, it respawns every time you stop it. Otherwise it would be a rathe

Re: please read: very odd network traffic

2001-08-07 Thread Dave Sherohman
On Tue, Aug 07, 2001 at 08:29:39PM +0100, P Kirk wrote:
> In the meantime there's no need to disconnect from the net. Just have a
> rolling kill command that kills ftpd every second.

Uh... Why? Wouldn't it be simpler to just shut down the ftp service (either /etc/init.d/ftpd stop or comment it

Re: please read: very odd network traffic

2001-08-07 Thread P Kirk
...and only one script needed :-)

--
Patrick "No sig in my .sig" Kirk
GSM: +44 7876 560 646
ICQ: 42219699

Re: please read: very odd network traffic

2001-08-07 Thread Nathan E Norman
On Tue, Aug 07, 2001 at 08:29:39PM +0100, P Kirk wrote:
> Saw something similar in a FreeBSD box once. It was a trojan ftp
> daemon that started off some obscure user like sysgetty or some other
> "official" looking name. The RAID had 36 gigs of mp3s and porn.
>
> You might want to back up your

Re: please read: very odd network traffic

2001-08-07 Thread P Kirk
Saw something similar in a FreeBSD box once. It was a trojan ftp daemon that started off some obscure user like sysgetty or some other "official" looking name. The RAID had 36 gigs of mp3s and porn.

You might want to back up your data and reinstall if no-one has a more knowledgeable answer. In t

Re: Fwd: Re: please read: very odd network traffic

2001-08-07 Thread William Leese
On Tuesday 07 August 2001 18:59, Dave Sherohman wrote:
> On Tue, Aug 07, 2001 at 06:53:38PM +0200, William Leese wrote:
> > there's more though. but again i'm not sure.. for the first time i've
> > seen a few odd requests being logged in boa, just a small snippet:
> >
> >
> > [07/Aug/2001:06:26:03

Re: Re: please read: very odd network traffic

2001-08-07 Thread Hall Stevenson
> [07/Aug/2001:06:26:03 +] request from
> 195.38.105.70 "GET /default.ida?

That's from the "Code Red", or some variant of it, worm...

Hall

Re: Fwd: Re: please read: very odd network traffic

2001-08-07 Thread Dave Sherohman
On Tue, Aug 07, 2001 at 06:53:38PM +0200, William Leese wrote:
> there's more though. but again i'm not sure.. for the first time i've seen a
> few odd requests being logged in boa, just a small snippet:
>
>
> [07/Aug/2001:06:26:03 +] request from 195.38.105.70 "GET
> /default.ida?XXX

Fwd: Re: please read: very odd network traffic

2001-08-07 Thread William Leese
-- Forwarded Message --

there's more though. but again i'm not sure.. for the first time i've seen a few odd requests being logged in boa, just a small snippet:

[07/Aug/2001:06:26:03 +] request from 195.38.105.70 "GET /default.ida?X