TLUG Mailing List

Mailing List Archive

tlug.jp Mailing List tlug archive tlug Mailing List Archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tlug] possible trojan..not sure...help please

Date: Wed, 16 Apr 2003 09:37:45 +0200

From: Godwin Stewart <gstewart@example.com>

Subject: Re: [tlug] possible trojan..not sure...help please

References: <200304160102.09388.gavin-39@example.com><200304160842520613.004BCF01@example.com>

Organization: Nope, none here, it's a mess ;o)
And Thus Spake "Thomas Kruemmer" <tkruemmer@example.com> (on Wed, 16 Apr
2003 08:42:52 +0900):

> It spreads by scanning random class B IP networks for hosts that are
> vulnerable to a remote exploit in the Bind name service daemon. Once it
> has found a candidate for infection it attacks the remote machine and, if
> successful, downloads and installs a package from coollion.51.net.

I take it this means that if I'm running a non-vulnerable BIND, or if my
BIND isn't open to the world (only used as a local nameserver) then I'm safe
from this one?

I run a dailiy chkrootkit on my box but you can never be too sure!

-- 
G. Stewart   --   gstewart@example.com -- gstewart@example.com
Registered Linux user #284683
---------------------------------------------------------------
"POLICE STATION TOILET STOLEN...Cops have nothing to go on."
Attachment: pgp00058.pgp
Description: PGP signature

Follow-Ups:

Re: [tlug] possible trojan..not sure...help please
From: Jonathan Byrne

References:

[tlug] possible trojan..not sure...help please
From: Gavin

Re: [tlug] possible trojan..not sure...help please
From: Thomas Kruemmer

Prev by Date: Re: [tlug] possible trojan..not sure...help please

Next by Date: Re: [tlug] possible trojan..not sure...help please

Previous by thread: Re: [tlug] possible trojan..not sure...help please

Next by thread: Re: [tlug] possible trojan..not sure...help please

Index(es):

Date

Thread

Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links