On Wed, 02 May 2001, Simanta J Handique spewed into the ether:
> I was scanning my mail queue today when I came across a mail which
> was going to "[EMAIL PROTECTED]"... The mail consisted of the output
Most probably l1on.
Move over to http://www.sans.org for a clean up script (I recommend a 
format and reinstall though.)

> from the ifconfig command (which showed the IP address I was using
> when I was connected to VSNL), the entire /etc/passwd file and also
> the SHADOW PASSWORD file. Luckily the mail did not go out (or so I
> think). Is this a virus or something? And how did it get access to
Worm.

> the files which can be accessed by root only. How can I stop it?
You were running old versions of insecure software. Probably an old 
version of bind. (Upgrade minimally to 8.2.3-REL)

Stopping: 
1> Get paranoid. If already paranoid, get even more so.
2> Subscribe to BUGTRAQ
3> Subscribe to your vendor's mailing list for security.
4> Install all required patches.
5> Repeat from step 1.

Devdas Bhagat
--
Every now and then, when your life gets complicated and the weasels 
start closing in, the only cure is to load up on heinous chemicals and 
then drive like a bastard from Hollywood to Las Vegas ... with the 
music at top volume and at least a pint of ether.
                -- Hunter S. Thompson, "Fear and Loathing in Las Vegas"

_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/linux-india-help
