| Chris . Kulish on Wed, 09 Jul 2003 12:14:23 -0500 |
| Re: [Cialug] rooted, sshd |
No need Dave. In my rush to get everything together, I confused myself and
subsequently misspoke here. We are standardized on 7.1. Still old, but
they can't keep me from compiling kernels.
Corporate Politics at their finest!
-----
Chris Kulish
Systems Engineer
ING Advisors Network
Ph. (515) 698-7583
Fx. (515) 698-3583
"... if you must mount the gallows, give a jest to the crowd, a coin to the
hangman, and make the drop with a smile on your lips."
--Birgitte
-----
"David Champion" <dave@xxxxxxxxxxxom>
Sent by: cialug-admin@cialug.org
07/09/2003 11:06 AM
Please respond to cialug
To: cialug@xxxxxxxxxx
cc: (bcc: Chris Kulish/BDN/ING-FSI-NA)
Subject: Re: [Cialug] rooted, sshd
Are you sure you want to keep running 6.2? That's pretty ancient... and
a lot of the packages with exploits probably aren't maintained.
I can look when I get home tonight (after the ball game). I have a huge
stack of old Linux CDs, there might be a RH 6.2 in there.
-dc
Chris.Kulish@xxxxxxxxxxx wrote:
> Another silly question. My RH 6.2 CDs have grown legs and migrated.
> Anyone got one that I could borrow for a week or so?
>
> The download is going horrendously slow
>
> -----
> Chris Kulish
>
> Redhat 6.2, stock kernel :(
> sshd 2.5.2 I think was on these servers from the info I can gather from the
> outgoing admin.
> apache 1.3.26
> php-4.0.4 (can't upgrade due to DB conflicts I'm told)
>
> OK, I'm pretty sure I've inherited a couple of rooted boxen.
>
> I thought I was current on sshd, guess not.
>
> I noticed when I could no longer ssh to them. Went to the console, tried
> to start sshd via /etc/rc.d/init.d/sshd start. No go there. Did a sshd
> -V and it reported "DaNut & ps". I googled for that hoping something would
> come up like that. No luck there either. It also had port 155 listed as
> the default port in arguments list. Did a netstat -a, BINGO something
> listening on port 155.
>
> This box is firewalled, so they can't connect to their back door.
>
> I'm sad to say that because of corporate politics, no IDS systems are in
> place to date.
>
> I was just wondering if anyone had seen this exploit before
>
_______________________________________________
Cialug mailing list
Cialug@xxxxxxxxxx
http://cialug.org/mailman/listinfo/cialug
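
The two symptoms reported in the quoted message (sshd no longer reachable, and netstat showing a listener on port 155) can be checked as a repeatable baseline comparison. This is an added example, not part of the original thread; the function names, the allowlist and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Compare TCP listeners against an allowlist of expected ports.
# Reads `netstat -ltn` style output on stdin and prints:
#   UNEXPECTED <port> <local address>   for listeners not on the allowlist
#   MISSING <port>                      for expected ports with no listener
unexpected_listeners() {
    allowed="$1"   # space-separated expected ports, e.g. "22 80 3306"
    awk -v allowed="$allowed" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            port = $4
            sub(/^.*:/, "", port)          # text after the last colon (IPv4 and IPv6)
            if (port in want) found[port] = 1
            else if (!seen[port]++) print "UNEXPECTED", port, $4
        }
        END { for (i = 1; i <= n; i++) if (!(a[i] in found)) print "MISSING", a[i] }'
}

# Constructed sample: sshd is not listening on 22, something is listening on 155.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:155             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:111             0.0.0.0:*
EOF
}

# On a live host: netstat -ltn | unexpected_listeners "22 80 3306"
sample_netstat | unexpected_listeners "22 80 3306"
```

On a host already suspected of compromise, take the netstat output with a binary from trusted media, since the thread shows at least one system binary (sshd) had been replaced.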