On Sat, Jan 05, 2002 at 01:43:24AM -0500, Thedore Knab wrote:
[snip]
Starting nmap V. 2.54BETA25 ( www.insecure.org/nmap/ )
Interesting ports on dns1.mywork.edu :
(The 1540 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp openftp
On Sat, Jan 05, 2002 at 01:43:24AM -0500, Thedore Knab wrote:
[snip]
Starting nmap V. 2.54BETA25 ( www.insecure.org/nmap/ )
Interesting ports on dns1.mywork.edu :
(The 1540 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp openftp
Sent: Saturday, January 05, 2002 1:43 AM
To: [EMAIL PROTECTED]
Subject: Re: BIND exploited ? -UPDATE
Thanks for your help.
This was not a debian box. Maybe the next one will be.
I think it was updated from an earilier version that was hacked.
I am under the assumption that this server
On Sat, 5 Jan 2002, Jeremy L. Gaddis wrote:
You dumbass. Everybody knows you don't try to fix a compromised
machine. You take it in stride, wipe the drives and start all
over from a clean install.
Would you mind terribly not airing your oh-so-superior views in public?
With such unbridled
On Sat, Jan 05, 2002 at 01:43:24AM -0500, Thedore Knab wrote:
Starting nmap V. 2.54BETA25 ( www.insecure.org/nmap/ )
Interesting ports on dns1.mywork.edu :
(The 1540 ports scanned but not shown below are in state: closed)
^^
You seem to have only scanned your well-known ports?
How does this sound ?
The system has been rebuilt.
It is running Bind 9.2 chroot version on RH 7.2. Someone else built it. I prefer
Debian or OpenBSD. I will add tripwire and chkroot kit to run as a cron
job.
The harddrives will be saved for further investigation at a later date.
Since the
: Saturday, January 05, 2002 1:43 AM
To: debian-isp@lists.debian.org
Subject: Re: BIND exploited ? -UPDATE
Thanks for your help.
This was not a debian box. Maybe the next one will be.
I think it was updated from an earilier version that was hacked.
I am under the assumption that this server
On Sat, 5 Jan 2002, Jeremy L. Gaddis wrote:
You dumbass. Everybody knows you don't try to fix a compromised
machine. You take it in stride, wipe the drives and start all
over from a clean install.
Would you mind terribly not airing your oh-so-superior views in public?
With such unbridled
On Sat, Jan 05, 2002 at 01:43:24AM -0500, Thedore Knab wrote:
Starting nmap V. 2.54BETA25 ( www.insecure.org/nmap/ )
Interesting ports on dns1.mywork.edu :
(The 1540 ports scanned but not shown below are in state: closed)
^^
You seem to have only scanned your well-known ports?
How does this sound ?
The system has been rebuilt.
It is running Bind 9.2 chroot version on RH 7.2. Someone else built it. I prefer
Debian or OpenBSD. I will add tripwire and chkroot kit to run as a cron
job.
The harddrives will be saved for further investigation at a later date.
Since the
Thanks for your help.
This was not a debian box. Maybe the next one will be.
I think it was updated from an earilier version that was hacked.
I am under the assumption that this server was this way for over 1 year.
[ted@moe chkrootkit-0.34]$ cat /etc/redhat-release
Red Hat Linux release 6.2
Thanks for your help.
This was not a debian box. Maybe the next one will be.
I think it was updated from an earilier version that was hacked.
I am under the assumption that this server was this way for over 1 year.
[EMAIL PROTECTED] chkrootkit-0.34]$ cat /etc/redhat-release
Red Hat Linux
12 matches
Mail list logo
