[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SLUG] rpc.statd vuln

The tools you are after are all here:


Look under "Intrusion Detection" under the Resources section.

As a related piece of advertising spam:  I offer a monthly service
whereby I do all of this for you (install tools, harden system, run
tools, monitor output, monitor for intrusion attempts, keep distro
up to date), sort of like Red Hat Network but with more teeth (and
for Debian as well).  I won't bore the list with the details and
pricing, contact me off line if you're interested.

> Just after Jon sent a note regarding an `intrusion' noted in
> syslog as `rpc.statd gethostbyname \220 ...' I got the same sort
> of message.
> Strangely I also received something called `torn' in, of all
> places, my .wine/fakewindows/Program Files/ directly after. As
> I only installed wine the day before, and only have 3 windows
> exe's installed, I know I didn't put it there.
> I did cat on it. It was a binary but I could make out 3 or 4
> English words, like Windows, Files, Name, Mail.
> So add .wine to your list of places to go looking for intrusions.
> Nick _______________________________________
> On Wed, 7 Feb 2001, George Ferizis wrote: Re: [SLUG] t0rn toolkit
> > Hi all,
> >      I just noticed something very funny on my system, it was a set of
> > programs that was loaded into my /tmp directory named t0rn, which seemed to
> > be some type of trojan toolkit.
> >
> > The funny things is...I didn't put it there, and I'm the only one with
> > access to the box. I am guessing this means security on the box has been
> > compromised, so I was wondering if anybody knew of any monitoring tools that
> > could be used to alert me when some form of login is made.
> > Thanks,
> >     George


SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug