sshd vunerability compromise

From: Ron Parker (
Date: 12/17/01

From: Ron Parker <>
Date: Sun, 16 Dec 2001 17:09:35 -0800

Our system was compromised due to sshd vunerability. The cracker
created a directory called bambulua and in it are:

pipi (running at port 65531)

Anyone seen these before (well, anyone other than the guy who cracked
us) and can tell me what they do? Thanks.


Ron Parker
Software Creations  
TradeWinds Publishing
TradePoint Los Angeles
SiteDirector Security Server
Civil War Online Library