oh may be the rewter rename the backdoor file "oracle" better check those bin may be
it's a backdoor.
I encourage everyone to install aide (http://www.cs.tut.fi/~rammer/)or tripwire
(http://www.tripwire.com) on your
boxen for your ids. so that you have your proper inventory of your protected files ;)
HTH
Jimmy
Orlando Andico wrote:
> On Thu, 21 Jun 2001, Andre John Cruz wrote:
> ..
> > have you confirmed that it really was a root kit?
>
> no, netstat -anp claims the ports were used by oracle. =]
>
> but after a reboot the ports are no longer open.. hmm..
>
> --
> Orlando Andico <[EMAIL PROTECTED]>
> Mosaic Communications, Inc.
>
> -----BEGIN GEEK CODE BLOCK-----
> Version: 3.1
> GE d(-) s: a-25 C++++ UBLSI++++$ P+++ L+++>++++ E- W++ N(+)
> o K? w O-- M- !V PS(++) PE- Y PGP-- t(+)@ 5(+) X++@ R(+) tv@
> b++ DI++ G e++@ h--(*) r% y+
> ------END GEEK CODE BLOCK------
>
> _
> Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
>
> To subscribe to the Linux Newbies' List: send "subscribe" in the body to
>[EMAIL PROTECTED]
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
