----- Original Message ----- From: Jairo Tcatchenco <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, June 18, 2003 8:08 PM Subject: ptrace24 - How It apeared in my box?
> Hello all! > > Using chkrootkit tool, I found a root kit inside my box. A door was > opened and I haven't found yet how they putted it there (there is a > folder in tmp, called ..\ \ \ with a lot of malicious files). I left > just the basic doors opened (ntp, domain, ssh, http, https). Could > someone explain how they putted it there? > > Thanks. > > Jairo Tcatchenco > > > -------------------------------------------------------------------------- - > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! > The Gartner Group just put Neoteris in the top of its Magic Quadrant, > while InStat has confirmed Neoteris as the leader in marketshare. > > Find out why, and see how you can get plug-n-play secure remote access in > about an hour, with no client, server changes, or ongoing maintenance. > > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm > -------------------------------------------------------------------------- -- > Jairo, Jeremy Gaddis and Damian are probably correct ,i would recomend patching your kernel to remove the stack execution permition,this can be done by applying the grsecurity patch (http://grsecurity.net/) or try the openWall project http://www.openwall.com/linux/ plus updating your box. _____________________________________________________________________ http://www.freemail.gr - δωρεάν υπηρεσία ηλεκτρονικού ταχυδρομείου. http://www.freemail.gr - free email service for the Greek-speaking. --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
