RE: Strange files found on Solaris8

From: Carpio, Brian (Brian_Carpio_at_csgsystems.com)
Date: 07/09/03

    Date: Wed, 9 Jul 2003 15:01:17 -0600
    To: <security-basics@securityfocus.com>
    
    

    It's from Netbackup

    -----Original Message-----
    From: Birl [mailto:sbirl@temple.edu]
    Sent: Wednesday, July 09, 2003 2:43 PM
    To: security-basics@securityfocus.com
    Subject: Re: Strange files found on Solaris8

    Jiang: Date: Wed, 9 Jul 2003 15:27:11 +0800
    Jiang: From: Jiang Peng <secplatform@hotmail.com>
    Jiang: To: security-basics@securityfocus.com
    Jiang: Subject: Strange files found on Solaris8
    Jiang:
    Jiang: Hi All,
    Jiang:
    Jiang: I just found some strange files under Root directory of my Solaris 8.
    Jiang:
    Jiang: the files are named as: .SeCuRiTy.0, .SeCuRiTy.1, ..... until .SeCuRiTy.68.
    Jiang: Following are part of the output of command: ls -al
    Jiang:
    Jiang: -rwx------ 1 daemon other 128 Aug 20 2002 .SeCuRiTy.0
    Jiang: -rwx------ 1 daemon other 128 Aug 20 2002 .SeCuRiTy.1
    Jiang: -rwx------ 1 daemon other 128 Aug 20 2002 .SeCuRiTy.10
    Jiang: -rwx------ 1 daemon other 128 Aug 20 2002 .SeCuRiTy.11
    Jiang: -rwx------ 1 daemon other 128 Aug 20 2002 .SeCuRiTy.12
    Jiang: -rwx------ 1 daemon other 128 Aug 20 2002 .SeCuRiTy.13
    Jiang: -rwx------ 1 daemon other 128 Aug 20 2002 .SeCuRiTy.14
    Jiang: -rwx------ 1 daemon other 128 Aug 20 2002 .SeCuRiTy.15
    Jiang: -rwx------ 1 daemon other 128 Aug 20 2002 .SeCuRiTy.16
    Jiang: -rwx------ 1 daemon other 128 Aug 20 2002 .SeCuRiTy.17
    Jiang: -rwx------ 1 daemon other 128 Aug 20 2002 .SeCuRiTy.18
    Jiang: -rwx------ 1 daemon other 128 Aug 20 2002 .SeCuRiTy.19
    Jiang: -rwx------ 1 daemon other 128 Aug 20 2002 .SeCuRiTy.2
    Jiang: -rwx------ 1 daemon other 128 Aug 20 2002 .SeCuRiTy.20
    Jiang: ..............
    Jiang:
    Jiang: Does anyone know what these files are for? I googled the internet, but found no
    Jiang: clues.
    Jiang: This server is running an internet DNS server.
    Jiang: What I am worrying about is if someone broke into my system.
    Jiang: Can anyone point me to the right way to analyze these files? What kind of log
    Jiang: files do I need to pay attention to?
    Jiang:
    Jiang: thank you,
    Jiang: Peng

    Doesn't sound good. If you suspect that you've been cracked, I would pull
    the Ethernet cable out of the computer immediately.

    Since your question is Solaris-related, have you tried posting to
    SunManagers? I can't say I saw this on that list.

    Have you run 'file' against it? If it isn't binary, try 'cat'ing it.

    Have 'lsof' installed? See what program has it open.

    HTH

     Scott Birl http://concept.temple.edu/sysadmin/
     Senior Systems Administrator Computer Services Temple University
    ====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*====*

    ---------------------------------------------------------------------------
    Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
    The Gartner Group just put Neoteris in the top of its Magic Quadrant,
    while InStat has confirmed Neoteris as the leader in marketshare.
         
    Find out why, and see how you can get plug-n-play secure remote access in
    about an hour, with no client, server changes, or ongoing maintenance.
              
    Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
    ----------------------------------------------------------------------------


