LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 04-13-2004, 09:25 PM   #1
witeshark
Member
 
Registered: Jan 2004
Location: Miami FL
Distribution: Mac OS X 10.4.11 Ubuntu 12.04 LTS
Posts: 429

Rep: Reputation: 30
Exclamation high speed system compromised


Unknown attackers have compromised a large number of Linux and Solaris machines
 
Old 04-13-2004, 09:36 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Doesn't look to be any new "day-zero" exploit. Just a good example of the effect that using poor security practices can have (sending plain-text passwords, not keep patches updated, etc). For those of you out there still using telnet, take a look at the article.
 
Old 04-14-2004, 01:33 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,534
Blog Entries: 51

Rep: Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602Reputation: 2602
CC's right. Damn bad security practices. Make sure this doesn't happen to you. Funny the article mentions http://www.rootkit.nl/projects/rootkit_hunter.html as I was already busy writing a short comparison of Chkrootkit vs Rootkit Hunter... BTW, for the SuckIT rootkit there's a specialist tool, "skdet". To check for changed syscall behaviour in general check out Samhain's kern_check or Kstat.

Last edited by unSpawn; 04-25-2004 at 02:42 PM.
 
Old 04-14-2004, 03:53 PM   #4
Inexactitude
Member
 
Registered: Oct 2003
Distribution: Slackware 12.2, Ubuntu 9.04
Posts: 477

Rep: Reputation: 30
This is definetly the first time we've seen crackers going after university networks...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
High Speed danoyoto Linux - Networking 3 07-17-2004 09:18 AM
cdrecord - trying to use high speed medium on low speed writer captain-cat Linux - Hardware 2 07-12-2004 06:27 PM
System compromised BruceCadieux Linux - Security 20 09-29-2003 08:24 PM
System compromised? Comatose51 Linux - Security 3 07-11-2003 08:28 AM
Help: I think my system has been compromised! Comatose51 Linux - General 2 06-29-2003 05:00 PM


All times are GMT -5. The time now is 03:18 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration