RE: resolv.conf - overwrite
From: Schmehl, Paul L (pauls_at_utdallas.edu)
Date: 11/04/03
- Previous message: G.Mansur: "new ADMscript worm ?"
- Maybe in reply to: Lukasz Spaleniak: "resolv.conf - overwrite"
- Next in thread: Tim Greer: "Re: resolv.conf - overwrite"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 4 Nov 2003 13:11:10 -0600 To: "Lukasz Spaleniak" <spalek@ptssa.pl>, <incidents@securityfocus.com>
> -----Original Message-----
> From: Lukasz Spaleniak [mailto:spalek@ptssa.pl]
> Sent: Tuesday, November 04, 2003 5:32 AM
> To: incidents@securityfocus.com
> Subject: resolv.conf - overwrite
>
>
> Hi,
> probably someone had similar problem before, but I decided to
> describe it.
>
> Few days ago I suddenly discovered that my resvol.conf is
> changed , it looks likt that:
It appears that you have been hacked. At this point I wouldn't trust
anything on that box. Take if offline and start forensics on it.
Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/
---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_incidents_031023
and use priority code SF4.
----------------------------------------------------------------------------
- Previous message: G.Mansur: "new ADMscript worm ?"
- Maybe in reply to: Lukasz Spaleniak: "resolv.conf - overwrite"
- Next in thread: Tim Greer: "Re: resolv.conf - overwrite"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
