>Yep, that's an unashamed hack. This is your average "I'm too stupid to
>_hide_ the back door, so I'll hope that no one looks" script kiddie
>signature.
Found more info on the CERT site. Right off the rpc.statd
vulnerability warning (not a very creative cracker. I mean
jeez, at least change the port number).
>I suggest you:
>netstat -avnp | grep LISTEN
Did that plus some variations of lsof.
>to determine what services are open to the outside world. Determine what
>version of each service you're running, and look around for
>exploits. That might help you determine how the attacker gained
>access. This information is useful, because you can then check other
>machines on the same network for that service, and find out whether you
>need to check more machines for compromises (you may want to check
>regardless of what you find on the known compromised machine).
Have to write down all the things I can think of to check and
then get creative and obtuse.
>Once you've examined the system, format it clean and re-install
>everything. Don't run unneeded services, and carefully evaluate the
>usefulness of those you think you need.
Somebody will be having a fun week.
Thanks to all for the suggestions.
_______________________________________________
Redhat-list mailing list
https://listman.redhat.com/mailman/listinfo/redhat-list