[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Rootkit

To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: [Full-Disclosure] Rootkit
From: David Hane <dlhane@xxxxxxxxxxxxx>
Date: Fri, 26 Sep 2003 13:57:14 -0700

Hi all,

I recently had a machine get hacked before I could finish installing all the 
damn remote-root exploit patches that have been released in the last week.
I've done the forensics and I know how they got in and what they did but I 
would like to know what rootkit they used.

Can anyone recommend a good scanner or info site where I can compare some of 
the binaries I saved (the machine has been wiped)?

Also, am I the only one who is totally exhausted from trying to keep up with 
the last couple of week's patch frenzy? I would have had my last server 
patched before the attack but things like, sleep, food, and bathroom time got 
in the way :-)

Thanks for the help,

Dave

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- RE: [Full-Disclosure] Rootkit
  - From: Conrado Zelaya
- Re: [Full-Disclosure] Rootkit
  - From: B3r3n
- Re: [Full-Disclosure] Rootkit
  - From: Nate Hill
- Re: [Full-Disclosure] Rootkit
  - From: Bruce Ediger
- RE: [Full-Disclosure] Rootkit
  - From: Marcus H. Sachs

Prev by Date: [Full-Disclosure] new trojan
Next by Date: Re: [Full-Disclosure] An open question for Snort and Project Honeynet
Previous by thread: RE: [Full-Disclosure] new trojan
Next by thread: RE: [Full-Disclosure] Rootkit
Index(es):
- Date
- Thread