
Re: hacker attack: leaves .BitchX dir in root's home

Carlos Carvalho wrote:

> My site has been attacked by a hacker using a method that leaves a
> directory .BitchX (or something close) in root's home dir. It gets the
> user/password combination of any user that telnets, ftps or uses pop3 to
> get to the machine (no ssh).
> What's the security hole that's being exploited? At first the attacker
> didn't have the root password.

Don't know about this BitchX stuff, but the rest might be a juggernaut attack.
Juggernaut is a nice and user-friendly telnet hijacker that has been presented
in Phrack magazine. It steals an established telnet, ftp or pop3 session and
compiles well under Debian and any other Linux (I don't think it is or will
be a Debian package though :) )

If you have been attacked by juggernauts you should see so-called ACK storms.
AFAIK the only solution is to use ssh programs.

  Yours
  Frank Barknecht		Das Koelner Stadt- und Unimagazin
  >-------------<		http://www.koeln-online.de/einblick/
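
One way to look for the ACK storms mentioned in the reply above (an added example, not part of the original message): it flags a TCP connection when both endpoints keep repeating the same empty ACK, which is what desynchronised peers do. The packet tuple layout, the thresholds and the sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW = 1.0     # seconds; assumed tuning value
THRESHOLD = 20   # identical empty ACKs per direction within WINDOW; assumed

def find_ack_storms(packets, window=WINDOW, threshold=THRESHOLD):
    """Return the set of connections that show an ACK storm.

    packets: time-ordered (ts, src, sport, dst, dport, flags, seq, ack, length).
    A connection is flagged only when BOTH directions repeat the same
    zero-length ACK (same seq and ack) at least `threshold` times inside
    `window` seconds. One-sided duplicate ACKs (loss recovery) do not match.
    """
    recent = defaultdict(deque)  # (flow, seq, ack) -> recent timestamps
    hot = defaultdict(set)       # connection -> directions over threshold
    for ts, src, sport, dst, dport, flags, seq, ack, length in packets:
        if flags != "A" or length != 0:
            continue             # only pure ACKs carry the signal
        flow = (src, sport, dst, dport)
        q = recent[(flow, seq, ack)]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()          # drop repeats that fell out of the window
        if len(q) >= threshold:
            hot[frozenset([(src, sport), (dst, dport)])].add(flow)
    return {conn for conn, dirs in hot.items() if len(dirs) == 2}

def sample_traffic():
    """Constructed packets: one healthy telnet session, one desynchronised."""
    c, s, t = "192.0.2.10", "192.0.2.20", "192.0.2.30"
    pkts = []
    # Healthy session: server sends data, client ACK numbers keep advancing.
    for i in range(30):
        pkts.append((i * 0.01, s, 23, c, 40000, "PA", 1000 + i * 10, 500, 10))
        pkts.append((i * 0.01 + 0.001, c, 40000, s, 23, "A", 500, 1010 + i * 10, 0))
    # Desynchronised session: each side answers the other's unacceptable
    # segment with the same empty ACK, over and over.
    for i in range(40):
        pkts.append((1 + i * 0.002, t, 40001, s, 23, "A", 7000, 9000, 0))
        pkts.append((1 + i * 0.002 + 0.001, s, 23, t, 40001, "A", 9050, 7020, 0))
    return sorted(pkts)

if __name__ == "__main__":
    for conn in find_ack_storms(sample_traffic()):
        print("possible ACK storm:", sorted(conn))
```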
