[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OpenBSD rootkit?

To: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
Subject: Re: OpenBSD rootkit?
From: Jan-Uwe Finck <jufi@nerdnet.de>
Date: Sun, 14 Jul 2002 10:39:29 +0200
Cc: tech@openbsd.org
Content-Disposition: inline
Mail-Followup-To: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>,tech@openbsd.org
References: <20020714071716.GG38408@lagoon.freebsd.lublin.pl>
User-Agent: Mutt/1.2.5.1i

On Sun, Jul 14, 2002 at 09:17:16AM +0200, Przemyslaw Frasunek wrote:
> Hello.
> 
> Recently one of my OpenBSD 3.0 boxes got compromised. The attacker
> used OpenSSH exploit and installed trojaned sshd binary. There were
> obvious signs of compromise:

And what exactly is your excuse of not following the errata and
obviously never patching your system ?
You must have lived under a rock the last months if you still don't
know that OpenSSH < 3.4 is vulnerable.

> Have anyone seen this before?

Sure, there are even reports of OpenBSD honeypots who caught some
stupid script kiddies.

Yes, there are rootkits.
I just don't get why machines are still compromised although we 
announce on every channel that there are patches.

Follow-Ups:
- Re: OpenBSD rootkit?
  - From: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
- Re: OpenBSD rootkit?
  - From: Fyodor <fygrave@tigerteam.net>

References:
- OpenBSD rootkit?
  - From: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>

Prev by Date: Re: OpenBSD rootkit?
Next by Date: Re: OpenBSD rootkit?
Prev by thread: Re: OpenBSD rootkit?
Next by thread: Re: OpenBSD rootkit?
Index(es):
- Date
- Thread