On Thu, 2007-01-11 at 18:52 -0500, Roberto C. Sanchez wrote:
Yup. While that will thwart the most naïve of attacks, put a binary
(not a script) in there (something like ls works) and run this:
/lib/ld-linux.so.2 /tmp/ls
That is actually not possible if you have a recent linux kernel.
On Fri, Jan 12, 2007 at 02:22:48PM +0100, Sven Arvidsson wrote:
On Thu, 2007-01-11 at 18:52 -0500, Roberto C. Sanchez wrote:
Yup. While that will thwart the most naïve of attacks, put a binary
(not a script) in there (something like ls works) and run this:
/lib/ld-linux.so.2 /tmp/ls
On Fri, 2007-01-12 at 14:22 +0100, Sven Arvidsson wrote:
Snip
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s4.10
Thanks for the link.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Fran wrote:
I've been told by my ISP that my sarge webserver (only port 80 open, all
software up to date) is spewing traffic they're calling IRC_nick, which
is apparantly some sort of IRC bot.
I'm unable to locate the file/files that are infected. Additionally, I
can't see the
On Wed, 2007-01-10 at 11:53 -0600, Fran wrote:
I've been told by my ISP that my sarge webserver (only port 80 open, all
software up to date) is spewing traffic they're calling IRC_nick, which
is apparantly some sort of IRC bot.
I'm unable to locate the file/files that are infected.
On Thu, Jan 11, 2007 at 01:38:09PM -0500, Greg Folkert wrote:
At one time I had an IRC-Bot on my machine. It was put in /dev/shm/ I
fixed the access issue (it was writable by anyone)
The fact that /dev/shm is world writable is not an access issue anymore
than /tmp being world writable. In
I've been told by my ISP that my sarge webserver (only port 80 open, all
software up to date) is spewing traffic they're calling IRC_nick, which
is apparantly some sort of IRC bot.
I'm unable to locate the file/files that are infected. Additionally, I
can't see the process/processes for the bot
On Wed, Jan 10, 2007 at 11:53:42AM -0600, Fran wrote:
I've been told by my ISP that my sarge webserver (only port 80 open, all
software up to date) is spewing traffic they're calling IRC_nick, which
is apparantly some sort of IRC bot.
I'm unable to locate the file/files that are infected.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, Jan 10, 2007 at 10:01:46AM -0800, Andrew Sackville-West wrote:
On Wed, Jan 10, 2007 at 11:53:42AM -0600, Fran wrote:
I've been told by my ISP that my sarge webserver (only port 80 open, all
software up to date) is spewing traffic they're
Kevin Mark [EMAIL PROTECTED] wrote:
On Wed, Jan 10, 2007 at 10:01:46AM -0800, Andrew Sackville-West wrote:
On Wed, Jan 10, 2007 at 11:53:42AM -0600, Fran wrote:
I've been told by my ISP that my sarge webserver (only port 80 open, all
software up to date) is spewing traffic they're
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/10/07 11:53, Fran wrote:
I've been told by my ISP that my sarge webserver (only port 80 open, all
software up to date) is spewing traffic they're calling IRC_nick, which
is apparantly some sort of IRC bot.
IRC_nick is really ambiguous.
11 matches
Mail list logo