[SunHELP] can not list file with name containing "2001"
Tom Stockton
sunhelp at sunhelp.org
Thu May 24 07:27:45 CDT 2001
On Thu, 24 May 2001, Thomas Cameron wrote:
> I may be dense, but I didn't see anything in that article that indicates
> that inability to display files with "2001" in them is a known symptom
> of a buffer overflow attack.
>
> Can you clarify? What makes you think the box was cracked?
>
Upon gaining a root shell using a buffer overflow, the attacker will
install a 'rootkit' which replaces various system binaries, ls ps netstat
su...etc. This is done to allow a backdoor and also avoid detection of
unusual processses etc. A common root kit includes a modified ls binary
which does not show any files that have a 01 string in them, try it
# touch testfile01
# ls
HTH
Tom Stockton
More information about the SunHELP
mailing list