ECTED]
phone: +4048220044,+4048206200
- -Mesaj original-
De la: Alejandro Borges [mailto:[EMAIL PROTECTED]
Trimis: Tuesday, December 04, 2001 2:43 PM
Catre: z-deb-isp
Subiect: Re: Help... SSH CRC-32 compensation attack detector
vulnerability
Please...HOWTO
1.- detect this vulnerability
2.
Please...HOWTO
1.- detect this vulnerability
2.- get a chkrootkit deb for potato? (seems i get to choose between
potato's security (stable) and potato's non-security (lack of a
chkrootkit))
Alex
ECTED]
phone: +4048220044,+4048206200
- -Mesaj original-
De la: Alejandro Borges [mailto:[EMAIL PROTECTED]]
Trimis: Tuesday, December 04, 2001 2:43 PM
Catre: z-deb-isp
Subiect: Re: Help... SSH CRC-32 compensation attack detector
vulnerability
Please...HOWTO
1.- detect this vulnerabil
Please...HOWTO
1.- detect this vulnerability
2.- get a chkrootkit deb for potato? (seems i get to choose between
potato's security (stable) and potato's non-security (lack of a
chkrootkit))
Alex
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Conta
On Mon, 2001-12-03 at 02:38, Jacob Kuntz wrote:
> Never really looked into how reliable that is, but it's there. I'd like to
> see apt-get support some sort of 'reinstall' command.
You mean it doesn't? I could have sworn... (alternately: apt-get clean;
apt-get --download-only install $package; dp
On Mon, 2001-12-03 at 02:38, Jacob Kuntz wrote:
> Never really looked into how reliable that is, but it's there. I'd like to
> see apt-get support some sort of 'reinstall' command.
You mean it doesn't? I could have sworn... (alternately: apt-get clean;
apt-get --download-only install $package; d
On Mon, Dec 03, 2001 at 09:33:07AM +1100, Jason Lim wrote:
> Hi,
>
> sigh... yes... some of our servers have been hit with the "SSH CRC-32
> compensation attack detector vulnerability" attack.
>
> some servers have been compromised, and the usual rootkit stuff (install
> root shells in /etc/inetd
> Never really looked into how reliable that is, but it's there. I'd like to
> see apt-get support some sort of 'reinstall' command.
apt-get install --reinstall package
Regards
Tim
I know this is not a complete solution, but for starters you could try
'chkrootkit':
http://packages.debian.org/unstable/misc/chkrootkit.html
http://www.chkrootkit.org/
Stable doesn't have a package but I'm sure you could build the unstable .deb
from source.
Regards
Tim
>>> "Jason Lim" <[EMA
On Mon, Dec 03, 2001 at 09:33:07AM +1100, Jason Lim wrote:
> Hi,
>
> sigh... yes... some of our servers have been hit with the "SSH CRC-32
> compensation attack detector vulnerability" attack.
>
> some servers have been compromised, and the usual rootkit stuff (install
> root shells in /etc/inet
-
From: "Keith Elder" <[EMAIL PROTECTED]>
To: "Jason Lim" <[EMAIL PROTECTED]>
Cc:
Sent: Monday, December 03, 2001 1:11 PM
Subject: Re: Help... SSH CRC-32 compensation attack detector vulnerability
> What is the patch to plug this hole?
>
> K.
>
&
What is the patch to plug this hole?
K.
* Jason Lim ([EMAIL PROTECTED]) wrote:
> Reply-To: "Jason Lim" <[EMAIL PROTECTED]>
> From: "Jason Lim" <[EMAIL PROTECTED]>
> To:
> Subject: Help... SSH CRC-32 compensation attack detector vulnerability
>
On Mon, Dec 03, 2001 at 09:33:07AM +1100, Jason Lim wrote:
> What is an easy way to locate binaries that are different from the ones
> provided in the original debs?
man debsums
>
> And is there any other relatively easier way of cleaning up a system that
> has had a rootkit installed?
apt-get
Hi,
sigh... yes... some of our servers have been hit with the "SSH CRC-32
compensation attack detector vulnerability" attack.
some servers have been compromised, and the usual rootkit stuff (install
root shells in /etc/inetd.conf, bogus syslogd, haxored ps, etc.).
What is an easy way to locate b
e -
From: "Keith Elder" <[EMAIL PROTECTED]>
To: "Jason Lim" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, December 03, 2001 1:11 PM
Subject: Re: Help... SSH CRC-32 compensation attack detector vulnerability
> What is the patch to plug this hole
What is the patch to plug this hole?
K.
* Jason Lim ([EMAIL PROTECTED]) wrote:
> Reply-To: "Jason Lim" <[EMAIL PROTECTED]>
> From: "Jason Lim" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: Help... SSH CRC-32 compensation attack detec
On Mon, Dec 03, 2001 at 09:33:07AM +1100, Jason Lim wrote:
> What is an easy way to locate binaries that are different from the ones
> provided in the original debs?
man debsums
>
> And is there any other relatively easier way of cleaning up a system that
> has had a rootkit installed?
apt-get
Hi,
sigh... yes... some of our servers have been hit with the "SSH CRC-32
compensation attack detector vulnerability" attack.
some servers have been compromised, and the usual rootkit stuff (install
root shells in /etc/inetd.conf, bogus syslogd, haxored ps, etc.).
What is an easy way to locate
18 matches
Mail list logo