[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] SSH scans, i caught one
- To: Graham Gower <graham.gower@xxxxxxxxx>
- Subject: Re: [Full-disclosure] SSH scans, i caught one
- From: Lukasz Jaroszewski <lvj@xxxxxxxxxxxxxx>
- Date: Mon, 22 Nov 2010 12:21:10 +0100
On Mon, Nov 22, 2010 at 1:06 AM, Graham Gower <graham.gower@xxxxxxxxx> wrote:
> strace indicates that you'll want a uClibc based system.
>
> execve("./syslgd", ["./syslgd"], [/* 12 vars */]) = 0
> svr4_syscall() = -1 ERRNO_4090 (Unknown error 4090)
> cacheflush(0x11a000, 0x990, 0x3) = 0
> readlink("/proc/self/exe", "/syslgd", 4095) = 7
> cacheflush(0x7f85ac98, 0xf4, 0x3) = 0
> old_mmap(0x400000, 37872, PROT_READ|PROT_WRITE|PROT_EXEC,
> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000
> cacheflush(0x400000, 0xf4, 0x3) = 0
> cacheflush(0x4000f4, 0x92fc, 0x3) = 0
> mprotect(0x400000, 37872, PROT_READ|PROT_EXEC) = 0
> old_mmap(0x10000000, 716, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0xa000) = 0x10000000
> cacheflush(0x10000000, 0x2cc, 0x3) = 0
> mprotect(0x10000000, 716, PROT_READ|PROT_WRITE) = 0
> brk(0x10001000) = 0x10001000
> open("/lib/ld-uClibc.so.0", O_RDONLY) = -1 ENOENT (No such file or
> directory)
> exit(127) = ?
> Process 1567 detached
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
It is so called Chuck Norris `bot', attacks DSL modems, routers, etc,
plus few irc toys like bouncer etc.
BRGRDS
LVJ
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/