[Cialug] rootkit

Jerry Weida cialug@cialug.org
Thu, 10 Mar 2005 09:06:01 -0600


Rootkits can do a variety of things, but most likely, one will cause a
server to run on your machine that a remote user can connect to and
gain root privileges without providing a password.  Additionally, it
may send a notification to the "cracker" about when the machine is
online and what the current IP is so that they know when the system is
available.

Firewalling all of the ports that you do not use could help, but
there's no guarantee that they didn't install a trojaned version of a
service that you actually are providing (i.e. ssh, ftp, telnet,
etc...).


On Thu, 10 Mar 2005 09:09:49 -0600, admin <admin@c0wzftp.com> wrote:
> ok this raises a second question. would firewalling it (if i can't find
> the infected files) be sufficient to keep it from doing further damage? or
> could my box be a zombie now? what exactly do rootkits do?
> 
> 
> -----Original Message-----
> From: Jerry Weida <jweida@gmail.com>
> To: cialug@cialug.org
> Date: Thu, 10 Mar 2005 08:56:46 -0600
> Subject: Re: [Cialug] rootkit
> 
> > Well, as many people will tell you, the only safe thing to do is wipe
> > the system and start over.  Depending on the rootkit installed, you
> > may be able to clean it and replace any trojaned executables from your
> > original install source.
> >
> >
> > On Thu, 10 Mar 2005 09:02:25 -0600, admin <admin@c0wzftp.com> wrote:
> > > just ran chkrootkit on my server and found out there may be a damn
> > > rootkit installed. what to do what to do?
> > >
> > > any help here would be hot.
> > >
> > > -------------------------
> > > want an email address ending in @c0wzftp.com?
> > > send an email on over to admin@c0wzftp.com
> > >
> > > _______________________________________________
> > > Cialug mailing list
> > > Cialug@cialug.org
> > > http://cialug.org/mailman/listinfo/cialug