backdoor in freebsd found..
From: Renee Teunissen (renee@wittenburg10c.nl)
Date: 08/18/01
Message-ID: <3B7E5EC9.36CDC87E@wittenburg10c.nl>
Date: Sat, 18 Aug 2001 14:25:45 +0200
From: Renee Teunissen <renee@wittenburg10c.nl>
To: INCIDENTS@securityfocus.com
Subject: backdoor in freebsd found..
Hi,
A few days ago I checked a client's machine for problems, since two
userids were added. After some searching and a run of nmap,
I found TCP port 54 to be open, and with lsof I found a small
backdoor installed as /usr/bin/getty.
So far as I can see it's just a simple backdoor, only connecting to it
with netcat didn't give me what I thought I should get.
Anyone any ideas?
I've put the "getty" on one of my boss' machines,
it can be found on http://sms.pts.nl/renee/getty.gz (4KB).
Strings gives me something that could be a userid or something
like this. Anyone seen this one before? And I think they got in
using a faulty telnetd.
Cheers,
Renee.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
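
Added example, not part of the original post: the lsof step described in the message can be turned into a repeatable check that reports every listening TCP socket whose command:port pair is not on an allowlist. The lsof lines below are constructed sample data, and the function names and the allowlist contents are assumptions.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `lsof -nP -i TCP`.
# It is not output from the machine discussed in the post.
sample_lsof() {
cat <<'EOF'
COMMAND  PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
sshd     112 root    3u  IPv4 0xc1a2b3c0      0t0  TCP *:22 (LISTEN)
getty    245 root    3u  IPv4 0xc1a2b4e0      0t0  TCP *:54 (LISTEN)
sendmail 301 root    4u  IPv4 0xc1a2b600      0t0  TCP *:25 (LISTEN)
sshd     410 root    4u  IPv4 0xc1a2b720      0t0  TCP 10.0.0.5:22->10.0.0.9:51234 (ESTABLISHED)
EOF
}

# Read lsof lines on stdin and print "command pid port" for every listening
# TCP socket that is not in the allowlist.
# $1 = space-separated allowlist of command:port pairs (hypothetical policy).
unexpected_listeners() {
    awk -v allow="$1" '
    BEGIN {
        n = split(allow, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    # Fields are counted from the end of the line so the match still works
    # when a column near the front is missing or empty.
    $NF == "(LISTEN)" && $(NF-2) == "TCP" {
        port = $(NF-1)
        sub(/.*:/, "", port)            # keep only the port after the last ":"
        key = $1 ":" port
        if (!(key in ok)) print $1, $2, port
    }'
}

# On a live host: lsof -nP -i TCP | unexpected_listeners "sshd:22 sendmail:25"
sample_lsof | unexpected_listeners "sshd:22 sendmail:25"
```

A terminal line handler such as getty has no reason to hold a network listener, so a hit like the one in the sample is worth following up by examining the binary behind that PID.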