-----Original Message-----
Subject: [cobalt-security] HACK on RAQ3i
>We have just traced a hack into our primary NS; it's a Trin00 daemon for
>DDoS attacks.
>The funny thing is that this box has no Virtual sites and no ftp but
>Telnet enabled on it. I can't see how they would have accessed the root
>shell.
the h4ck3r doesn't need a telnet or ftp service to r00t you.
they simply run an exploit on one of your services (probably proftpd or
bind) and they're dropped straight into a rootshell (in most cases).
most of the time they just run a script that does it all for them,
hence the name 'scr1pt k1dd13z'
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security