trojaned SSHD ?
From: Karthik Krishnamurthy (karthik.k@extremix.net)Date: 09/21/01
- Previous message: Alex Noordergraaf: "ANNOUNCE: JASS 0.3.1 released"
- Next in thread: Gordon Ewasiuk: "Re: trojaned SSHD ?"
- Reply: Gordon Ewasiuk: "Re: trojaned SSHD ?"
- Reply: Patrick Morris: "Re: trojaned SSHD ?"
- Reply: Konrad Rieck: "Re: trojaned SSHD ?"
- Reply: Dr. Ernst-Udo Wallenborn: "Re: trojaned SSHD ?"
- Reply: Casper Dik: "Re: trojaned SSHD ?"
- Reply: Jeff Schaller: "Re: trojaned SSHD ?"
- Reply: Neil Dickey: "Re: trojaned SSHD ?"
- Reply: David Foster: "Re: trojaned SSHD ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 21 Sep 2001 06:16:33 +0530 From: Karthik Krishnamurthy <karthik.k@extremix.net> To: FOCUS-SUN@securityfocus.com Subject: trojaned SSHD ? Message-ID: <20010921061633.B1664@graf-spee.hn.extremix.net>
Hullo list,
Saw this recently on a SunOS 2.6 running sshd version 1.2.26 [sparc-sun-solaris2.6]
output of strings /usr/local/sbin/sshd | more
snip
...skipping
ls -alni /tmp/. 2>/dev/null
w 2>/dev/null
netstat -s 2>/dev/null
netstat -an 2>/dev/null
netstat -in 2>/dev/null
/dev/random
Looks very suspicious. Anybody else seen something like this ?
Karthik
- Previous message: Alex Noordergraaf: "ANNOUNCE: JASS 0.3.1 released"
- Next in thread: Gordon Ewasiuk: "Re: trojaned SSHD ?"
- Reply: Gordon Ewasiuk: "Re: trojaned SSHD ?"
- Reply: Patrick Morris: "Re: trojaned SSHD ?"
- Reply: Konrad Rieck: "Re: trojaned SSHD ?"
- Reply: Dr. Ernst-Udo Wallenborn: "Re: trojaned SSHD ?"
- Reply: Casper Dik: "Re: trojaned SSHD ?"
- Reply: Jeff Schaller: "Re: trojaned SSHD ?"
- Reply: Neil Dickey: "Re: trojaned SSHD ?"
- Reply: David Foster: "Re: trojaned SSHD ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
