Just after Jon sent a note regarding an `intrusion' noted in
syslog as `rpc.statd gethostbyname \220 ...' I got the same sort
of message.
Strangely I also received something called `torn' in, of all
places, my .wine/fakewindows/Program Files/ directly after. As
I only installed wine the day before, and only have 3 windows
exe's installed, I know I didn't put it there.
I did cat on it. It was a binary but I could make out 3 or 4
English words, like Windows, Files, Name, Mail.
So add .wine to your list of places to go looking for intrusions.
Nick _______________________________________
On Wed, 7 Feb 2001, George Ferizis wrote: Re: [SLUG] t0rn toolkit
> Hi all,
> I just noticed something very funny on my system, it was a set of
> programs that was loaded into my /tmp directory named t0rn, which seemed to
> be some type of trojan toolkit.
>
> The funny things is...I didn't put it there, and I'm the only one with
> access to the box. I am guessing this means security on the box has been
> compromised, so I was wondering if anybody knew of any monitoring tools that
> could be used to alert me when some form of login is made.
> Thanks,
> George
>
> SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> More Info: http://slug.org.au/lists/listinfo/slug >
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug