[unisog] anyone heard of this?
flynngn at jmu.edu
Mon Jan 28 19:41:17 GMT 2002
Stephen Lee wrote:
> My dearest hope is that someone found
> an lpd exploit script, changed the password, then didn't know where to
> go from there.
> I would have liked to shut down for a real forensic search and OS
> reinstall but that is not allowed at this point. Any pointers would be a
> great help.
1. I think there is a Sun web page where you can get MD5 signatures
for the files on your system. Alternately, check them against an
2. Nmap scan the system from another system and see what ports are open.
Then run a clean copy of lsof on the suspect system and see what
processes are listening. My guess is you'll find a backdoor ssh server.
Here are CERT's recommendations but a lot of them depend upon having
uncompromised system tools:
Security Engineer - Technical Services
James Madison University
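
Added example, not part of the original message: one way to carry out the comparison in step 2, matching what nmap sees from outside against what a clean lsof reports on the host. It assumes nmap grepable output (`-oG`) and `lsof -i -n -P` output; the sample data and function names are constructed for illustration.

```python
import re

# Constructed sample data (not from the original post).
NMAP_GREPABLE = (
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 515/open/tcp//printer///, "
    "2222/open/tcp//unknown///, 111/filtered/tcp//rpcbind///\tIgnored State: closed (996)\n"
)
LSOF_OUTPUT = """\
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 312 root 3u IPv4 0x3000 0t0 TCP *:22 (LISTEN)
lpd 401 root 4u IPv4 0x3010 0t0 TCP *:515 (LISTEN)
Xsun 188 root 5u IPv4 0x3020 0t0 TCP 127.0.0.1:6010 (LISTEN)
sshd 312 root 7u IPv4 0x3030 0t0 TCP 192.0.2.10:22->198.51.100.7:51515 (ESTABLISHED)
"""

def nmap_open_tcp(text):
    """Return the set of TCP ports nmap reported as open (grepable format)."""
    ports = set()
    for line in text.splitlines():
        m = re.search(r"Ports: (.*?)(?:\t|$)", line)
        if not m:
            continue
        for entry in m.group(1).split(","):
            fields = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(fields) >= 3 and fields[1] == "open" and fields[2] == "tcp":
                ports.add(int(fields[0]))
    return ports

def lsof_listeners(text):
    """Map listening TCP port -> set of (command, pid) from lsof -i -n -P."""
    listeners = {}
    for line in text.splitlines():
        if not line.rstrip().endswith("(LISTEN)"):
            continue  # skip header and established connections
        fields = line.split()
        port = int(fields[-2].rsplit(":", 1)[1])  # NAME column, e.g. *:22
        listeners.setdefault(port, set()).add((fields[0], int(fields[1])))
    return listeners

def compare(nmap_text, lsof_text):
    """Return (ports open from outside with no local owner, local-only ports, owners)."""
    outside = nmap_open_tcp(nmap_text)
    local = lsof_listeners(lsof_text)
    hidden = sorted(outside - set(local))      # nothing on the host admits to these
    local_only = sorted(set(local) - outside)  # loopback-bound, filtered, or not scanned
    return hidden, local_only, local

if __name__ == "__main__":
    hidden, local_only, owners = compare(NMAP_GREPABLE, LSOF_OUTPUT)
    print("open externally, no listener shown by lsof:", hidden)
    print("listening locally, not seen by nmap:", local_only)
```

A port in the first list means the host's view is being hidden from the tools you ran; a port that appears in both still needs its owning process checked against what should be running there.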