sshd vunerability compromise

From: Ron Parker (sysop@scbbs.com)
Date: 12/17/01


From: Ron Parker <sysop@scbbs.com>
Date: Sun, 16 Dec 2001 17:09:35 -0800

Our system was compromised due to sshd vunerability. The cracker
created a directory called bambulua and in it are:

bdb
pipi (running at port 65531)
suckit
vanish2
td

Anyone seen these before (well, anyone other than the guy who cracked
us) and can tell me what they do? Thanks.

-ron

--
Ron Parker
Software Creations            http://www.scbbs.com
TradeWinds Publishing         http://www.intl-trade.com
TradePoint Los Angeles        http://www.tradepointla.org
SiteDirector Security Server  http://livepublish.scbbs.com
Civil War Online Library      http://civilwar.scbbs.com



Relevant Pages

  • Re: I am happy with XP:s integreted firewall!
    ... You CAN attack any open port if something is listening, ... CPU upto 100% and keep it there for as long as the cracker kept sending ... > wide world (I have made just one installation of windows XP and I allmost ...
    (comp.security.firewalls)
  • Re: TCP 6006 and echo (port 7) Mandrake (possible new trojan?)
    ... > is open, and in addition, TCP port 7 is also open. ... Here is why you need a FORMAT and clean install when your box IS cracked. ... That will tell you about known root kits if you have one. ... The cracker may not have installed a rootkit. ...
    (comp.os.linux.security)
  • Re: open ports question (nmap scan)
    ... >> I am a newbie at linux security, could use some mentoring on a basic ... > If you don't know what the port is open for, you may as well shut it down. ... >> cracker know to use that port, what would stop a cracker from getting in ... Maintain a secure password ...
    (comp.os.linux.security)
  • Re: ssh to NATed box fails
    ... >| Port State Service ... opportunistic cracker will detect it. ... suppose when we find that a exploit for a new SSH ... moving SSH to a high port makes sense here. ...
    (Debian-User)