
Re: RE: Goodies



Well, I normally wouldn't have scanned a fresh system for unknown
processes and executables (more the fool me), but the system was
running really slow so I did a top to find out what process was
hogging the CPU/bus.  Saw three processes which I'd never seen on a
Unix box before, and then found that these processes didn't appear in a
ps listing.

The rest was easy: figured out ps had been trojaned, the home
directory of the rogue processes (/usr/lib/lib, which also contained
tons of other rogue programs) and also that /var/log/messages had been
cleaned.  Decided to reinstall.

Never figured out how the system got cracked into, since the log was
missing.  It was either sendmail or named, since everything was fine
after upgrading those.  Most probably named, I guess.

Regards,

-- Raju

>>>>> "Mithun" == Mithun Bhattacharya <mithun.b@xxxxxxxxxxxxx> writes:

    Mithun> Professional interest and wicked hacker interest including
    Mithun> care to tell us all about the hack and how you found it
    Mithun> out Raj ???
-- 
Raju Mathur          raju@xxxxxxxxxxxxx           http://kandalaya.org/
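
The cross-check described in this message (processes that show up in top but are missing from a ps listing), written out as an added example that is not part of the original post: it compares the PIDs the kernel exposes under /proc with the PIDs ps reports and prints the ones ps leaves out. The Linux-style /proc layout, the `ps -e -o pid=` invocation, the function names and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report PIDs the kernel exposes under /proc that ps omits.
# Assumes a Linux-style /proc; a kernel-level rootkit can hide from both views.

# All-numeric directory names under $1 (normally /proc), one per line.
pids_from_proc() {
    for d in "$1"/[0-9]*; do
        case "${d##*/}" in *[!0-9]*) continue ;; esac
        if [ -d "$d" ]; then printf '%s\n' "${d##*/}"; fi
    done
}

# Read ps output on stdin; print the first field of each line where it is a PID.
pids_from_ps() {
    awk '$1 ~ /^[0-9]+$/ { print $1 }'
}

# Print PIDs listed in file $1 (kernel view) that are absent from file $2 (ps view).
hidden_pids() {
    awk -v psfile="$2" '
        BEGIN { while ((getline p < psfile) > 0) seen[p] = 1 }
        !($1 in seen) { print $1 }' "$1"
}

# Constructed sample: three processes exist, the ps listing shows only two.
demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/proc" "$t/proc/1" "$t/proc/214" "$t/proc/3391" "$t/proc/net"
    printf '  PID TTY TIME CMD\n    1 ?   0:02 init\n  214 ?   0:00 syslogd\n' |
        pids_from_ps > "$t/ps"
    pids_from_proc "$t/proc" > "$t/kernel"
    hidden_pids "$t/kernel" "$t/ps"
    rm -rf "$t"
}

# Live check: two ps snapshots around the /proc read, then confirm the PID is
# still alive, so short-lived processes are not reported as hidden.
live_check() {
    t=$(mktemp -d) || return 1
    ps -e -o pid= | pids_from_ps > "$t/ps"
    pids_from_proc /proc > "$t/kernel"
    ps -e -o pid= | pids_from_ps >> "$t/ps"
    hidden_pids "$t/kernel" "$t/ps" | while read -r pid; do
        if [ -d "/proc/$pid" ]; then echo "in /proc but not in ps: $pid"; fi
    done
    rm -rf "$t"
}

if [ "${1:-}" = "--live" ]; then live_check; else demo; fi
```

Run with `--live` to check the running system; with no argument it runs the constructed sample. Because the ps binary on a suspect host cannot be trusted, a result from this check is a reason to investigate from known-good media, not a clean bill of health when it prints nothing.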