kernel brute segfault

FEEB

May 15, 2006, 10:05:22 AM
I am running RHEL4 on Quad Opteron hardware.

I started to see these in the logs:

kernel: brute[29385]: segfault at 0000000000000000 rip 0000000008048e33 rsp 00000000ffffca30 error 4

What is brute? What can I do about this?

Thanks


<fe...@chem.utoronto.ca>


FEEB

May 16, 2006, 7:30:24 AM

Just for the record. Brute is an executable that is part of some SSH
cracking package. The package tries to SSH to a predefined B-block of
addresses using predefined combinations of login names and passwords (for
instance login "test" with password "test").
It generates a log file with combinations that returned a shell.

The package was installed via a compromised user account (user has been
known to distribute his passwords) from Romania and placed in /var/tmp and
therefore invisible to "locate" (in RedHat several directories are exempt
from updatedb, one of them is /var/tmp).

The user has been dealt with.

Cheers


<fe...@chem.utoronto.ca>
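
The situation described in these two posts (an unknown process name in a kernel segfault line, with the binary sitting in a directory that updatedb skips) can be triaged with the shell functions below. This is an added example, not part of the original posts; the function names are hypothetical, and it assumes PRUNEPATHS entries in the updatedb config are separated by spaces or commas.

```shell
#!/bin/sh
# Added example (not from the thread): find executables that "locate" cannot
# see and match them against process names in kernel segfault lines.

# Print PRUNEPATHS entries from an updatedb.conf-style file, one per line.
# Assumption: entries are separated by spaces or commas, optionally quoted.
prune_paths() {
    sed -n 's/^[[:space:]]*PRUNEPATHS[[:space:]]*=[[:space:]]*//p' "$1" |
        tr -d '"' | tr ' ,' '\n\n' | sed -n '/^\//p'
}

# List regular files with any execute bit set under each pruned directory.
# $1 = updatedb config, $2 = optional root prefix (e.g. a mounted disk image).
hidden_executables() {
    prune_paths "$1" | while IFS= read -r dir; do
        [ -d "${2:-}$dir" ] || continue
        find "${2:-}$dir" -xdev -type f \
            \( -perm -100 -o -perm -010 -o -perm -001 \) -print 2>/dev/null || :
    done
}

# Print the unique process names from kernel "segfault at" lines in a log file.
segfault_names() {
    sed -n 's/.*kernel: \([^[]*\)\[[0-9]*\]: segfault at .*/\1/p' "$1" | sort -u
}

# Print hidden executables whose basename matches a segfaulting process name.
# $1 = log file, $2 = updatedb config, $3 = optional root prefix.
segfault_suspects() {
    names=$(segfault_names "$1")
    hidden_executables "$2" "${3:-}" | while IFS= read -r path; do
        base=${path##*/}
        if printf '%s\n' "$names" | grep -qxF -- "$base"; then
            printf '%s\n' "$path"
        fi
    done
    return 0
}

# Usage on a live host:
#   segfault_suspects /var/log/messages /etc/updatedb.conf
```

The kernel reports at most 15 characters of the process name, so a longer file name will not match by basename; in that case review the full output of `hidden_executables` instead.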

