sshd vulnerability compromise

From: Ron Parker
Date: 12/17/01

Date: Sun, 16 Dec 2001 17:09:35 -0800

Our system was compromised due to an sshd vulnerability. The cracker
created a directory called bambulua and in it are:

pipi (running at port 65531)

Anyone seen these before (well, anyone other than the guy who cracked
us) and can tell me what they do? Thanks.


Ron Parker
Software Creations  
TradeWinds Publishing
TradePoint Los Angeles
SiteDirector Security Server
Civil War Online Library
