[Cialug] rootkit

admin cialug@cialug.org
Thu, 10 Mar 2005 09:25:26 -0600


i just find it odd that they got in in the first place. that machine is
only available on port 80 (apache); i have everything else going across
192.168.*


forget doing the legal stuff. i'll learn more by figuring this out on my own.

-----Original Message-----
From: Jerry Weida <jweida@gmail.com>
To: cialug@cialug.org
Date: Thu, 10 Mar 2005 09:06:01 -0600
Subject: Re: [Cialug] rootkit

> Rootkits can do a variety of things, but most likely, it will cause a
> server to run on your machine that a remote user can connect to and
> gain root privileges without providing a password.  Additionally, it
> may send a notification to the "cracker" saying when the machine is
> online and what the current IP is so that they know when the system is
> available.
> 
> Firewalling all of the ports that you do not use could help, but
> there's no guarantee that they didn't install a trojaned version of a
> service that you actually are providing (i.e. ssh, ftp, telnet,
> etc...)
> 
> 
> On Thu, 10 Mar 2005 09:09:49 -0600, admin <admin@c0wzftp.com> wrote:
> > ok this raises a second question. would firewalling it (if i can't find
> > the infected files) be sufficient to keep it from doing further damage? or
> > could my box be a zombie now? what exactly do rootkits do?
> > 
> > 
> > -----Original Message-----
> > From: Jerry Weida <jweida@gmail.com>
> > To: cialug@cialug.org
> > Date: Thu, 10 Mar 2005 08:56:46 -0600
> > Subject: Re: [Cialug] rootkit
> > 
> > > Well, as many people will tell you, the only safe thing to do is wipe
> > > the system and start over.  Depending on the rootkit installed, you
> > > may be able to clean it and replace any trojaned executables from your
> > > original install source.
> > >
> > >
> > > > On Thu, 10 Mar 2005 09:02:25 -0600, admin <admin@c0wzftp.com> wrote:
> > > > > just ran chkrootkit on my server and found out there may be a damn
> > > > > rootkit installed. what to do what to do?
> > > >
> > > > any help here would be hot.
> > > >
> > > > -------------------------
> > > > want an email address ending in @c0wzftp.com?
> > > > send an email on over to admin@c0wzftp.com
> > > >
> > > > _______________________________________________
> > > > Cialug mailing list
> > > > Cialug@cialug.org
> > > > http://cialug.org/mailman/listinfo/cialug
> > > >
> > > _______________________________________________
> > > Cialug mailing list
> > > Cialug@cialug.org
> > > http://cialug.org/mailman/listinfo/cialug
> > 
> > -------------------------
> > want an email address ending in @c0wzftp.com?
> > send an email on over to admin@c0wzftp.com
> > 
> > _______________________________________________
> > Cialug mailing list
> > Cialug@cialug.org
> > http://cialug.org/mailman/listinfo/cialug
> >
> _______________________________________________
> Cialug mailing list
> Cialug@cialug.org
> http://cialug.org/mailman/listinfo/cialug


-------------------------
want an email address ending in @c0wzftp.com?
send an email on over to admin@c0wzftp.com
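
The thread describes a rootkit that leaves a server listening for remote connections, on a machine meant to expose only port 80 with everything else on 192.168.*. As an added example (not part of the original thread), this Python sketch parses a Linux `/proc/net/tcp` table and flags any listener that is reachable beyond loopback or 192.168.* on a port other than 80. The sample table is constructed, the function names are hypothetical, and the address decoding assumes a little-endian host.

```python
import ipaddress

# Constructed sample in Linux /proc/net/tcp layout (not data from the thread's server).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000    27        0 1310
   2: 0A01A8C0:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1402
   3: 00000000:7A69 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 9911
   4: 0A01A8C0:0016 1401A8C0:C5D2 01 00000000:00000000 02:000A1B2C 00000000     0        0 1450
"""

TCP_LISTEN = "0A"  # socket state code for LISTEN in /proc/net/tcp
# Assumption taken from the thread: loopback and 192.168.* count as internal.
INTERNAL = [ipaddress.ip_network("127.0.0.0/8"),
            ipaddress.ip_network("192.168.0.0/16")]


def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into (IPv4Address, port); little-endian host assumed."""
    hex_ip, hex_port = field.split(":")
    ip = ipaddress.IPv4Address(bytes.fromhex(hex_ip)[::-1])
    return ip, int(hex_port, 16)


def parse_listeners(text):
    """Return (ip, port) for every socket in LISTEN state, skipping the header row."""
    listeners = []
    for line in text.splitlines()[1:]:
        cols = line.split()
        if len(cols) >= 4 and cols[3] == TCP_LISTEN:
            listeners.append(decode_addr(cols[1]))
    return listeners


def unexpected_listeners(text, allowed_public_ports=frozenset({80})):
    """Flag listeners bound to 0.0.0.0 or a non-internal address on a port not allowed."""
    flagged = []
    for ip, port in parse_listeners(text):
        internal = any(ip in net for net in INTERNAL)
        if not internal and port not in allowed_public_ports:
            flagged.append((str(ip), port))
    return flagged


if __name__ == "__main__":
    for ip, port in unexpected_listeners(SAMPLE):
        print(f"unexpected listener on {ip}:{port}")
```

A kernel-level rootkit can hide sockets from `/proc`, so a clean result produced on the suspect machine itself is not proof; a port scan run from a separate trusted host is the stronger check.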