[40841] in North American Network Operators' Group
Re: should i publish a list of cracked machines?
daemon@ATHENA.MIT.EDU (M. David Leonard)
Thu Aug 23 12:23:47 2001
Date: Thu, 23 Aug 2001 12:15:46 -0400 (EDT)
From: "M. David Leonard" <mdl@equinox.shaysnet.com>
To: Jim Mercer <jim@reptiles.org>
Cc: nanog@merit.edu
In-Reply-To: <20010823115338.B10630@reptiles.org>
Message-ID: <Pine.3.89.10108231203.A17454-0100000@equinox.shaysnet.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
Jim-
How about instead posting information to help other admins
identify the trojan daemon so we can check our own machines?
David Leonard
ShaysNet
On Thu, 23 Aug 2001, Jim Mercer wrote:
>
>
> i found one of my boxes was cracked (probably due to the BSD telnetd overflow).
>
> in any case, i found a file in the cracker's directory containing what i think
> is a list of other servers which might be hacked.
> i think the list also includes the passwords for using the trojan.
>
> on my server, i found a trojan daemon, allowing ssh on an 14000 series port.
>
> i was gonna just post the list of hosts here, but then, maybe not.
>
> what is the appropriate feeling?
>
> --
> [ Jim Mercer jim@reptiles.org +1 416 410-5633 ]
> [ Now with more and longer words for your reading enjoyment. ]
>
