
Re: [SLUG] rpc.statd vuln



Just after Jon sent a note regarding an `intrusion' noted in
syslog as `rpc.statd gethostbyname \220 ...' I got the same sort
of message.

Strangely I also received something called `torn' in, of all
places, my .wine/fakewindows/Program Files/ directly after. As
I only installed wine the day before, and only have 3 windows
exe's installed, I know I didn't put it there.

I did cat on it. It was a binary but I could make out 3 or 4
English words, like Windows, Files, Name, Mail.

So add .wine to your list of places to go looking for intrusions.

Nick

_______________________________________

On Wed, 7 Feb 2001, George Ferizis wrote (Re: [SLUG] t0rn toolkit):

> Hi all, 
>      I just noticed something very funny on my system, it was a set of 
> programs that was loaded into my /tmp directory named t0rn, which seemed to 
> be some type of trojan toolkit.  
>
> The funny thing is... I didn't put it there, and I'm the only one with 
> access to the box. I am guessing this means security on the box has been 
> compromised, so I was wondering if anybody knew of any monitoring tools that 
> could be used to alert me when some form of login is made.  
> Thanks, 
>     George 
> 
> SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> More Info: http://slug.org.au/lists/listinfo/slug
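
A check for the two signs reported in this thread, added here as an example and not part of either post: it flags `rpc.statd` gethostbyname syslog lines whose logged name is not a plausible hostname, and walks directories for entries named `t0rn` or `torn`. The log line layout, the sample lines and the function names are assumptions made for the illustration.

```python
import os
import re

# Assumed syslog shape: "<date> <host> rpc.statd[pid]: gethostbyname error for <name>"
STATD = re.compile(r"rpc\.statd(?:\[\d+\])?:?\s+gethostbyname\b(.*)$")
# Characters a real hostname can contain: letters, digits, dot, hyphen.
HOSTNAME_OK = re.compile(r"^[A-Za-z0-9.-]{1,255}$")
ARTIFACT_NAMES = {"t0rn", "torn"}  # the two names reported in the thread

# Constructed sample lines, not taken from any real system.
SAMPLE_LOG = [
    r"Feb  7 03:12:44 box rpc.statd[351]: gethostbyname error for \220\220\220\220",
    "Feb  7 03:15:02 box rpc.statd[351]: gethostbyname error for nfsclient.example.org",
    "Feb  7 03:16:10 box sshd[412]: Accepted password for george from 192.0.2.10",
]


def suspicious_statd_lines(lines):
    """Return statd gethostbyname lines whose logged name is not a hostname."""
    hits = []
    for line in lines:
        m = STATD.search(line.rstrip("\n"))
        if not m:
            continue  # not an rpc.statd gethostbyname message
        # Drop the optional "error for" wording and keep the logged name.
        name = re.sub(r"^\s*(?:error for)?\s*", "", m.group(1))
        if not HOSTNAME_OK.match(name):
            hits.append(line)  # escapes or binary where a hostname belongs
    return hits


def find_artifacts(roots, names=ARTIFACT_NAMES):
    """Walk each root and return paths whose basename matches a reported name."""
    found = []
    for root in roots:
        for dirpath, dirnames, filenames in os.walk(root):
            for entry in dirnames + filenames:
                if entry.lower().lstrip(".") in names:
                    found.append(os.path.join(dirpath, entry))
    return sorted(found)


if __name__ == "__main__":
    for hit in suspicious_statd_lines(SAMPLE_LOG):
        print("suspicious:", hit)
    for path in find_artifacts(["/tmp", os.path.expanduser("~/.wine")]):
        print("artifact:", path)
```

A name match only points at where to look; files on a compromised host can be renamed, so an empty result does not clear the machine.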



