should i publish a list of cracked machines?
Laurence Berland
stuyman at confusion.net
Thu Aug 23 16:27:38 UTC 2001
Also, why not do whois lookups on those hosts and email appropriate
people?
On Thu, 23 Aug 2001, M. David Leonard wrote:
>
> Jim-
>
> How about instead posting information to help other admins
> identify the trojan daemon so we can check our own machines?
>
>
> David Leonard
> ShaysNet
>
>
>
> On Thu, 23 Aug 2001, Jim Mercer wrote:
>
> >
> >
> > i found one of my boxes was cracked (probably due to the BSD telnetd overflow).
> >
> > in any case, i found a file in the cracker's directory containing what i think
> > is a list of other servers which might be hacked.
> > i think the list also includes the passwords for using the trojan.
> >
> > on my server, i found a trojan daemon, allowing ssh on an 14000 series port.
> >
> > i was gonna just post the list of hosts here, but then, maybe not.
> >
> > what is the appropriate feeling?
> >
> > --
> > [ Jim Mercer jim at reptiles.org +1 416 410-5633 ]
> > [ Now with more and longer words for your reading enjoyment. ]
> >
>
Laurence Berland
http://www.isp.northwestern.edu
More information about the NANOG
mailing list