Re: DoS Tool Identification
From: spaceork (spaceork_at_dhp.com)
Date: 02/26/04
- Previous message: Martin: "Re: DoS Tool Identification"
- In reply to: Martin: "Re: DoS Tool Identification"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 25 Feb 2004 22:22:17 -0500 (EST) To: Martin <broadcast@mail.ptraced.net>
On Wed, 25 Feb 2004, Martin wrote:
> Can't execve shell!
> /bin/sh
> $HOMEDIRHOMEDIR
> Can't fork subshell, there is no way...
> Can't open a tty, all in use ?
> /dev/null
> Done, pid=%d
> F**K: Can't fork child (%d)
> F**K: Can't bind udp socket (%d)
> F**K: Can't allocate udp socket (%d)
> /usr/local/apache/bin/httpd
> ***: Can't allocate raw socket (%d)
> using old...
> /usr/sbin/named
> BD_Init: Starting backdoor daemon...
>
> Seems like a backdoor daemon running on an UDP port.
Looks like a modified (or newer) version of backdoor.c from the Suckit
rootkit.
-interface
"They have computers, and they may have other weapons of mass destruction."
---------------------------------------------------------------------------
spaceork@dhp.com
http://www.dhp.com/~spaceork
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Previous message: Martin: "Re: DoS Tool Identification"
- In reply to: Martin: "Re: DoS Tool Identification"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
