Re: Found, a new rootkit

On Friday 31 March 2006 18:40, Craig White wrote:
>On Fri, 2006-03-31 at 18:30 -0500, Gene Heskett wrote:
>> On Friday 31 March 2006 15:19, Craig White wrote:
>> >On Fri, 2006-03-31 at 13:39 -0600, Les Mikesell wrote:
>> >> On Fri, 2006-03-31 at 13:20, Gene Heskett wrote:
>> >> > >They use these botnets to distribute spam, launch DDOS, or
>> >> > > whatever else their imagination can come up with.  Either of
>> >> > > those would contribute to an increase in bandwidth usage.
>> >> >
>> >> > Humm, we were in fact subjected to a DDOS attack early last
>> >> > Sunday morning, which led to the traffic server's demise &
>> >> > rebuild. Got us listed at spamcop & our mail died.
>> >>
>> >> Or more likely, your box was participating in a DDOS. Do
>> >> you have any idea what exploit might have been used to
>> >> install the programs you found?
>> >
>> >----
>> >My money is on sshd - somebody with a weak password.
>>
>> We found a couple that were downright
>> stupid/dumb/asinine/all_of_the_above.
>>
>> Fixed, with a cluex4 upside the head to the parties involved.
>
>----
>users do what users do
>
>it's actually the fault of the admins who don't use any password
>checking mechanisms, but I suppose that it's more feasible to blame
>stupid users...of course, I would never do such a thing  ;-)

The hell we wouldn't, and I use the word 'we' to be all inclusive...
But then it's our job to baby the sales dept. since that's what pays
everyone's salaries at the end of the day.  In this case they WILL get
used to a new login and password, and it's not open for further
discussion.  Not only that, I think I'm going to insist Jim do regular
runs of jack-the-ripper or something along those lines.

In other words, we've been making it easy for sales.  Now that sales has 
also suffered a bit, we won't have near as much trouble as before if we 
make them actually (heavens to Betsy) remember a login and password.  
They will of course, if they cannot do business without doing so.

>Craig

-- 
Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules.  I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.

