Re: httpd in /tmp - Sound advice sought

2005-02-09 Thread Redmond Militante
] On Behalf Of Mark A. Garcia Sent: Tuesday, February 08, 2005 9:57 AM To: Bret Walker Cc: freebsd-questions@freebsd.org Subject: Re: httpd in /tmp - Sound advice sought Bret Walker wrote: Last night, I ran chkrootkit and it gave me a warning about being infected with Slapper. Slapper

Re: httpd in /tmp - Sound advice sought

2005-02-09 Thread Redmond Militante
as well Also, I'm tarring /usr and am going to run a diff on it compared to a clean install. Bret -Original Message- From: Redmond Militante [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 08, 2005 1:45 PM To: Bret Walker Subject: Re: httpd in /tmp - Sound advice sought

Re: httpd in /tmp - Sound advice sought

2005-02-09 Thread Redmond Militante
, 2005 2:21 PM To: Bret Walker Subject: Re: httpd in /tmp - Sound advice sought [Tue, Feb 08, 2005 at 01:43:36PM -0600] This one time, at band camp, Bret Walker said: I do read it, but not every day (weekends, especially). i use logcheck to mail me the messages log every 15 mins Do

Re: httpd in /tmp - Sound advice sought

2005-02-09 Thread Oliver Leitner
i know a certain hacking group who is trying to run their trojan as httpd, i discovered that info through some shell account i am running, that has tried to start this rootkit on our machine. here's a short view from the shell's history: - wget

RE: httpd in /tmp - Sound advice sought

2005-02-09 Thread Bret Walker
, February 09, 2005 8:48 AM To: Bret Walker; freebsd-questions@freebsd.org Subject: Re: httpd in /tmp - Sound advice sought i know a certain hacking group who is trying to run their trojan as httpd, i discovered that info through some shell account i am running, that has tried to start this rootkit

Re: httpd in /tmp - Sound advice sought

2005-02-09 Thread Oliver Leitner
. Thanks, Bret -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Oliver Leitner Sent: Wednesday, February 09, 2005 8:48 AM To: Bret Walker; freebsd-questions@freebsd.org Subject: Re: httpd in /tmp - Sound advice sought i know a certain hacking group

httpd in /tmp - Sound advice sought

2005-02-08 Thread Bret Walker
Last night, I ran chkrootkit and it gave me a warning about being infected with Slapper. Slapper exploits vulnerabilities in OpenSSL up to version 0.96d or older on Linux systems. I have only run 0.97d. The file that set chkrootkit off was httpd which was located in /tmp. /tmp is always

Re: httpd in /tmp - Sound advice sought

2005-02-08 Thread Mark A. Garcia
Bret Walker wrote: Last night, I ran chkrootkit and it gave me a warning about being infected with Slapper. Slapper exploits vulnerabilities in OpenSSL up to version 0.96d or older on Linux systems. I have only run 0.97d. The file that set chkrootkit off was httpd which was located in /tmp.