[Herts] RE: Blade Server (Debian) compromised.
nicolas
nicolas at jetblackjelly.com
Wed Jun 22 19:07:08 BST 2005
Hi,
Currently running chkroot kit
I think I have found the prob
warning, got bogus tcp line.
warning, got bogus tcp line.
warning, got bogus tcp line.
warning, got bogus tcp line.
warning, got bogus tcp line.
warning, got bogus tcp line.
Checking `bindshell'... INFECTED (PORTS: 3049 31337)
Checking `lkm'... chkproc: nothing detected
Checking `rexedcs'... not found
/proc/10835/fd: No such file or directory
/proc/20980/fd: No such file or directory
Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
Checking `w55808'... not infected Checking `wted'... chkwtmp: nothing
deleted Checking `scalper'... not infected
For unknown reasons the firewall was not running.. it is now.. (horses
etc..) I am busy googling but suggestions gratefully received.
Regards
Nicolas
0797650 4148
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.7.10/25 - Release Date:
21/06/2005
More information about the Herts
mailing list