[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [SLUG] rpc.statd vuln
Just after Jon sent a note regarding an `intrusion' noted in
syslog as `rpc.statd gethostbyname \220 ...' I got the same sort
Strangely I also received something called `torn' in, of all
places, my .wine/fakewindows/Program Files/ directly after. As
I only installed wine the day before, and only have 3 windows
exe's installed, I know I didn't put it there.
I did cat on it. It was a binary but I could make out 3 or 4
English words, like Windows, Files, Name, Mail.
So add .wine to your list of places to go looking for intrusions.
On Wed, 7 Feb 2001, George Ferizis wrote: Re: [SLUG] t0rn toolkit
> Hi all,
> I just noticed something very funny on my system, it was a set of
> programs that was loaded into my /tmp directory named t0rn, which seemed to
> be some type of trojan toolkit.
> The funny things is...I didn't put it there, and I'm the only one with
> access to the box. I am guessing this means security on the box has been
> compromised, so I was wondering if anybody knew of any monitoring tools that
> could be used to alert me when some form of login is made.
> SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> More Info: http://slug.org.au/lists/listinfo/slug >
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug