Welcome to the Virus.Org Mailing List Archive




Re: yes, its t0rn again - chkrootkit

  • To: [EMAIL PROTECTED]
  • Subject: Re: yes, its t0rn again - chkrootkit
  • From: Talisker <[EMAIL PROTECTED]>
  • Date: Mon, 08 Jan 2001 21:43:32 +0100
  • In-reply-to: <[EMAIL PROTECTED]>
Roberto
> Just wondering if anyone has some sort of fix or
> report of this kit ?
You may want to take a look at chkrootkit (http://www.chkrootkit.org). It looks
for a variety of rootkits including t0rn. I'm not sure whether Nelson has
fixed it to find the latest variant yet, but it may be worth a try. It may be
worth your while looking at a file integrity checker to help you spot a
recurrence.

http://www.networkintrusion.co.uk
Talisker's Network Security Tools List
                    '''
                 (0 0)
  ----oOO----(_)----------
  | The geek shall        |
  |  Inherit the earth     |
  -----------------oOO----
               |__|__|
                  || ||
              ooO Ooo
[EMAIL PROTECTED]

The opinions contained within this transmission are entirely my own, and do
not necessarily reflect those of my employer.





----- Original Message -----
From: "Roberto" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, January 08, 2001 2:05 PM
Subject: Re: yes, its t0rn again


> Hello,
>
> Just wondering if anyone has some sort of fix or
> report of this kit ? I think my machines may be
> infected with this kit too. I was only able to find one
> directory, /lib/ldlib.tk, which had the t0rn ssh with ssh
> listening on 47011, login was not backdoored and I
> was unable to locate config files (shdcf) with the help of
> strings /bin/ps | grep / - which usually worked on lrk*
> kits (old t0rn too), lsof also did not help much.
>
> I didn't have md5 checksums recorded so I was not
> able to compare with old ones.
>
> Ciao,
> Roberto
>
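The file integrity check suggested in the reply, and the recorded checksums the original poster was missing, sketched as an added example that is not part of either message: record a baseline of hashes and metadata, then compare a later snapshot against it. It uses SHA-256 in place of md5, and the temporary tree, file names and contents in `demo()` are constructed stand-ins for system directories.

```python
import hashlib
import os
import pathlib
import tempfile

def snapshot(directories):
    """Map each regular file path to (sha256, mode, uid, gid, size)."""
    result = {}
    for top in directories:
        for dirpath, _dirs, files in os.walk(top):
            for name in files:
                path = os.path.join(dirpath, name)
                st = os.lstat(path)
                if os.path.islink(path) or not os.path.isfile(path):
                    continue  # skip symlinks, devices, sockets
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                result[path] = (digest, st.st_mode, st.st_uid, st.st_gid, st.st_size)
    return result

def compare(baseline, current):
    """Return sorted (status, path) differences between two snapshots."""
    findings = [("NEW", p) for p in current if p not in baseline]
    for path, recorded in baseline.items():
        if path not in current:
            findings.append(("MISSING", path))
        elif current[path][0] != recorded[0]:
            findings.append(("CONTENT", path))   # binary replaced or patched
        elif current[path][1:] != recorded[1:]:
            findings.append(("METADATA", path))  # e.g. setuid bit or owner changed
    return sorted(findings)

def demo():
    """Run against a constructed tree standing in for /bin and /lib."""
    root = pathlib.Path(tempfile.mkdtemp())
    (root / "bin").mkdir()
    (root / "lib" / "ldlib.tk").mkdir(parents=True)
    ps, login = root / "bin" / "ps", root / "bin" / "login"
    ps.write_bytes(b"original ps")
    login.write_bytes(b"original login")
    baseline = snapshot([root])
    ps.write_bytes(b"replaced ps")     # same size, different bytes
    login.chmod(0o4755)                # bytes unchanged, mode changed
    (root / "lib" / "ldlib.tk" / "unexpected").write_bytes(b"not in baseline")
    now = snapshot([root])
    return [(s, os.path.relpath(p, root)) for s, p in compare(baseline, now)]

if __name__ == "__main__":
    print(demo())
```

The baseline is only useful if it is recorded while the system is known good and kept on read-only or offline media, and the comparison is run with trusted tools, since a compromised host can alter both.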







 