KevinL [EMAIL PROTECTED] writes:
On Wed, 2002-09-18 at 06:05, Michael Renzmann wrote:
killall .bugtraq would be suitable as well, and it would destroy
every other instance of the program that is running currently. Even if
detecting the current PPID does not work for whatever reason.
Hi!
I'm running chkrootkit on my workstation, just for testing. After the
last reboot it found:
Checking `bindshell'... INFECTED (PORTS: 600)
Slightly shocking on a workstation without direct Internet connectivity.
Doing an lsof -i :600 showed rpc.statd using this port. Huh? Why a low
port?
Previously Lupe Christoph wrote:
Opinions? Comments?
Does it really matter?
Wichert.
--
_
[EMAIL PROTECTED] This space intentionally left occupied \
| [EMAIL PROTECTED]http://www.wiggy.net/ |
|
I'm curious if anyone has thought about ways of blocking
this sort of attack before it gets to the home user?
http://www.the-dailyrant.com/archives/000855.html#000855
I think it is especially important to those of us
who are not under US law, living in places where such
activity would
On Sat, 28 Sep 2002 at 05:36:06PM +0100, Dale Amon wrote:
I'm curious if anyone has thought about ways of blocking
this sort of attack before it gets to the home user?
http://www.the-dailyrant.com/archives/000855.html#000855
I think it is especially important to those of us
who are
On Sat, 28 Sep 2002 13:19:44 -0400
Phillip Hofmeister [EMAIL PROTECTED] wrote:
On Sat, 28 Sep 2002 at 05:36:06PM +0100, Dale Amon wrote:
I'm curious if anyone has thought about ways of blocking
this sort of attack before it gets to the home user?
On Saturday, 2002-09-28 at 18:33:43 +0200, Wichert Akkerman wrote:
Previously Lupe Christoph wrote:
Opinions? Comments?
Does it really matter?
Well it may collide with a service started after it that wants this
particular privileged port. I also believe that services that do not
require a
On Sat, 28 Sep 2001 at 10:19 AM, Phillip Hofmeister wrote:
On Sat, 28 Sep 2002 at 05:36:06PM +0100, Dale Amon wrote:
I'm curious if anyone has thought about ways of blocking
this sort of attack before it gets to the home user?
http://www.the-dailyrant.com/archives/000855.html#000855
On Sat, Sep 28, 2002 at 05:36:06PM +0100, Dale Amon wrote:
I'm curious if anyone has thought about ways of blocking
this sort of attack before it gets to the home user?
http://www.the-dailyrant.com/archives/000855.html#000855
it depends on the attack: they say they want the
Congress
On Sun, 29 Sep 2002, Samuele Giovanni Tonon wrote:
On Sat, Sep 28, 2002 at 05:36:06PM +0100, Dale Amon wrote:
I'm curious if anyone has thought about ways of blocking
this sort of attack before it gets to the home user?
http://www.the-dailyrant.com/archives/000855.html#000855
it
KevinL [EMAIL PROTECTED] writes:
On Wed, 2002-09-18 at 06:05, Michael Renzmann wrote:
killall .bugtraq would be suitable as well, and it would destroy
every other instance of the program that is running currently. Even if
detecting the current PPID does not work for whatever reason.
Hi!
I'm running chkrootkit on my workstation, just for testing. After the
last reboot it found:
Checking `bindshell'... INFECTED (PORTS: 600)
Slightly shocking on a workstation without direct Internet connectivity.
Doing an lsof -i :600 showed rpc.statd using this port. Huh? Why a low
port?
Previously Lupe Christoph wrote:
Opinions? Comments?
Does it really matter?
Wichert.
--
_
/[EMAIL PROTECTED] This space intentionally left occupied \
| [EMAIL PROTECTED]http://www.wiggy.net/ |
|
I'm curious if anyone has thought about ways of blocking
this sort of attack before it gets to the home user?
http://www.the-dailyrant.com/archives/000855.html#000855
I think it is especially important to those of us
who are not under US law, living in places where such
activity would
On Sat, 28 Sep 2002 at 05:36:06PM +0100, Dale Amon wrote:
I'm curious if anyone has thought about ways of blocking
this sort of attack before it gets to the home user?
http://www.the-dailyrant.com/archives/000855.html#000855
I think it is especially important to those of us
who are
On Sat, 28 Sep 2002 13:19:44 -0400
Phillip Hofmeister [EMAIL PROTECTED] wrote:
On Sat, 28 Sep 2002 at 05:36:06PM +0100, Dale Amon wrote:
I'm curious if anyone has thought about ways of blocking
this sort of attack before it gets to the home user?
On Saturday, 2002-09-28 at 18:33:43 +0200, Wichert Akkerman wrote:
Previously Lupe Christoph wrote:
Opinions? Comments?
Does it really matter?
Well it may collide with a service started after it that wants this
particular privileged port. I also believe that services that do not
require a
On Sat, 28 Sep 2001 at 10:19 AM, Phillip Hofmeister wrote:
On Sat, 28 Sep 2002 at 05:36:06PM +0100, Dale Amon wrote:
I'm curious if anyone has thought about ways of blocking
this sort of attack before it gets to the home user?
http://www.the-dailyrant.com/archives/000855.html#000855
On Sat, Sep 28, 2002 at 05:36:06PM +0100, Dale Amon wrote:
I'm curious if anyone has thought about ways of blocking
this sort of attack before it gets to the home user?
http://www.the-dailyrant.com/archives/000855.html#000855
it depends on the attack: they say they want the
Congress to
19 matches
Mail list logo
