LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 10-18-2005, 11:07 PM   #1
skipr
LQ Newbie
 
Registered: Sep 2005
Posts: 6

Rep: Reputation: 0
Unhappy Well, great.


So our internet goes all funky and we have to connect a computer directly to the internet () to fix our router problem. It stays like that for a little while and the next day we wake up with trojans in our pants.

I just booted up my Dell Powerconnect 3024 switch and a nasty little surprise by the name of 0xDEADBEEF jumps in my lap.
After I powered it up, it kept turning off and on, so I decided to hyperterm into it to see what was going on. Here it is:

Code:
RDU Product coming up...

  CPU type is R4650 revision 0x00
  DRAM found is 16MB
  Testing DRAM...OK
  Initializing FLASH Memory
  Initializing PCI host bridge

...

Booting up...                           Ver 4.2 (20010802)

Reading non-volatile data...

Boot from flash...

Reading image from flash...   0%  6% 12% 19% 25% 32% 38% 45% 51% 58% 64% 71% 77% 84% 90% 97% Done.

Decompressing image...  Done.
Expanded to 2531736 bytes, CRC 6f8cc0d3


Loading image...                        Release 5.1.4 (08281944)

  Code Size............................5716K
  Total Free Memory Size...............10668K
        Start Address..................0x00595000
        End   Address..................0x01000000

  Copyright (c) 1982, 1986, 1989, 1991, 1993
	The Regents of the University of California.  All rights reserved.

Initializing...
  0.06 GT-48302A-B-0 (v2.00)
  0.00 GT-48360-L-2 (v2.00)
  1.01 GT-48350-P-3 (v2.00)
  2.02 GT-48350-P-3 (v2.00)
  3.03 GT-48350-P-3 (v2.00)
  4.04 GT-48360-L-2 (v2.00)

System Interface Attachments:
  Device tty0 has been attached.
  Device tty1 has been attached.
  Device de0 has been attached.
  Device nd0 has been attached.
_route_init: SIOCADDRT: 51: Network is unreachable


System Initialization Completed....


@@@ Exception @@@
at 0x00280000 a3 0x00625F7C t5 0xFFFF00FF s3 0x00000001 t9 0x00000000 
v0 0x5B5B393B t0 0x00625F7C t6 0x00000000 s4 0x00000000 k0 0x0012EBD0 
v1 0x00651CF8 t1 0x00000000 t7 0x00000000 s5 0x00000000 k1 0x0027A070 
a0 0x00000000 t2 0x00000001 s0 0x000005DC s6 0x00000000 gp 0x00282198 
a1 0x00651CF8 t3 0x00000000 s1 0x00000006 s7 0x00000000 sp 0x00625EB8 
a2 0x00000004 t4 0x0000FF00 s2 0x00000004 t8 0x00000000 s8 0x00625EB8 
ra 0x000B39E8 
   IBase 0x00000000    Count 0x0F731DD4     PRId 0x00002210      ECC 0x00000000 
  IBound 0x7FFFF000  Compare 0x0F73417D   Config 0x0006E270 CacheErr 0xB4380D60 
   DBase 0x00000000   Status 0x3000FF03     CAlg 0x22212223    TagLo 0x00000000 
  DBound 0x7FFFF000    Cause 0x00800014   IWatch 0x00000000 ErrorEPC 0x5827F5EF 
BadVAddr 0x5B5B393B      EPC 0x000BC70C   DWatch 0x00000000 
[5] Illegal store address


0x00625EB8:0x00000000 0x00625EC0 0x0027A8BE 0x00000000 
0x00625EC8:0x7FFFFFF1 0x00651CF8 0x0027A8B0 0x00000004 
0x00625ED8:0xDEADBEEF 0x0027A8EC 0x05DC0006 0x00040001 
0x00625EE8:0x00000000 0x00651CF8 0x00651D98 0x00000002 
0x00625EF8:0x00000000 0x00000000 0x00000000 0x00000000 
0x00625F08:0x00000000 0x00000000 0x00000000 0x00000000 
0x00625F18:0x00000000 0x00625F28 0x00000000 0x00061BE4 
0x00625F28:0x00000000 0x0027A8B0 0x00000000 0x00000006 
0x00625F38:0x00000000 0x0014A246 0x00000000 0x00989680 
0x00625F48:0xDEADBEEF 0x0027A8E4 0xDEADBEEF 0x0027A8EC 
0x00625F58:0x00000000 0x00000006 0x00000000 0x00625F78 
0x00625F68:0xDEADBEEF 0x00000004 0x00000001 0x00000001 
0x00625F78:0xC0A80201 0x00000000 0x00000001 0x00000000 
0x00625F88:0x00000000 0x00625F98 0x00000000 0x00061F44 
0x00625F98:0x00000000 0x00625FD0 0x00000000 0x00000000 
0x00625FA8:0x00000000 0x00000000 0x00000000 0x00000000 
0x00625FB8:0x00000000 0x00000000 0x00000000 0x00000000 
0x00625FC8:0x00000000 0x00000000 0x00000000 0x00000000 
0x00625FD8:0x00000000 0x00000000 0x00000000 0x00000000 
0x00625FE8:0x00000000 0x00000000 0x00000000 0x00000000 
0x00625FF8:0x00000000 0x00000000 0x00000000 0x00000000 
0x00626008:0x00000000 0x00000000 0x00000000 0x00000000 
0x00626018:0x00000000 0x00000000 0x00000000 0x00626030 
0x00626028:0x00000000 0x00133028 0x00000000 0x00000000 
0x00626038:0x00000000 0x00000000 0x00000000 0x00000000 
0x00626048:0x00000000 0x00000000 0x00000000 0x00000000 
0x00626058:0x00000000 0x00000000 0x00000000 0x00000000 
0x00626068:0xDEADBEEF 0xDEADBEEF 0x006260C0 0x00624060 
0x00626078:0x00420FFF 0x00586E40 0x00000000 0x00000000 
0x00626088:0x00000000 0x00000000 0x006260D0 0x00000000 
0x00626098:0x00000000 0x00000000 0x00626080 0x00000000 
0x006260A8:0x00000000 0x00000000 0x00000000 0x00000000 
0x006260B8:0x00623FB8 0x00626160 0x00626150 0x00626070 
0x006260C8:0x00638410 0x00586E40 0x006260EC 0x0062613C 
0x006260D8:0x00000000 0x00000000 0x00000014 0x00010001 
0x006260E8:0x00120001 0x00595010 0x00595048 0x00000000 
0x006260F8:0x00000000 0x00000000 0x00000000 0x00000000 
0x00626108:0x00000000 0x00000000 0x00000000 0x00000000 
0x00626118:0x00000000 0x00000000 0x00000000 0x00000000 
0x00626128:0x00000000 0x00000000 0x00000000 0x00000000 
0x00626138:0x00000000 0x00000000 0x00000000 0x00000000 
0x00626148:0x00000000 0x00000000 0x00626180 0x006260C0 
0x00626158:0x00238408 0x00586E40 0x00626190 0x00000003 
0x00626168:0x006261C0 0x00000000 0x00000000 0x8FC20024 
0x00626178:0x0050182B 0x14600003 0x006261B0 0x00626150 
0x00626188:0x00000000 0x00586E40 0x00000000 0x00000007 
0x00626198:0x006262D8 0x00000000 0x8C848400 0x00641021 
0x006261A8:0x8C500008 0x0818985D 0x006262C8 0x00626180 
0x006261B8:0x00000000 0x00586E40 0x00000000 0x00000000 
0x006261C8:0x00000000 0x00040000 0x00000000 0x00000000 
0x006261D8:0x00000000 0x006261C0 0x000F55E0 0x000F53F0 
0x006261E8:0x000F553C 0x000F5494 0x00000000 0x00000000 
0x006261F8:0x00000000 0x00000000 0x00000000 0x00000000 
0x00626208:0x00000000 0x00000000 0x00000000 0x00000000 
0x00626218:0x00000000 0x00000000 0x00000000 0x00080001 
0x00626228:0x00000000 0x00000000 0x00000000 0x00626218 
0x00626238:0x000F55E0 0x000F53F0 0x000F553C 0x000F5494 
0x00626248:0x00000000 0x00000000 0x00000000 0x00000000 
0x00626258:0x00000000 0x00000000 0x00000000 0x00000000 
0x00626268:0x00000000 0x00000000 0x00000000 0x00000000 
0x00626278:0x00000000 0x000A0002 0x00000000 0x00000000 
0x00626288:0x00000000 0x00626270 0x000F55E0 0x000F53F0 
0x00626298:0x000F553C 0x000F5494 0x00000000 0x00000000 
0x006262A8:0x00000000 0x00000000 0x00000000 0x00000000 


RDU Product coming up...

  CPU type is R4650 revision 0x00
  DRAM found is 16MB
  Testing DRAM...OK
  Initializing FLASH Memory
  Initializing PCI host bridge

.
Nice.

Any idea what I can do..? Do I have to load new firmware on it or what? Or is it nice greyish blue doorstop?
 
Old 10-19-2005, 07:09 AM   #2
Brian Knoblauch
Member
 
Registered: Jan 2005
Distribution: SuSE (x86), NetBSD (Sparc), Solaris (Sparc & 32-bit x86)
Posts: 278

Rep: Reputation: 30
Are you sure it's a trojan? 0xdeadbeef is the ipv6 test range... You may very well just have a hardware problem.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
this is great aznboi12321 Suse/Novell 4 04-06-2005 02:40 PM
this great! halo14 General 6 11-24-2004 08:34 AM
Great installation, but... joeslomp VectorLinux 4 12-04-2003 03:59 AM
LFS is great but .... joakim12 Linux From Scratch 3 11-20-2003 04:23 AM
This is great yogotie LQ Suggestions & Feedback 2 03-31-2001 11:33 AM


All times are GMT -5. The time now is 07:36 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration