kernel brute segfault
I am running RHEL4 on Quad Opteron hardware.
I started to see these in the logs:
kernel: brute[29385]: segfault at 0000000000000000 rip 0000000008048e33 rsp 00000000ffffca30 error 4
What is brute? What can I do about this?
Thanks
<feeb@chem.utoronto.ca>
On Mon, 15 May 2006 10:05:22 -0400 (EDT), FEEB wrote:
>I am running RHEL4 on Quad Opteron hardware.
>
>I started to see these in the logs:
>
>kernel: brute[29385]: segfault at 0000000000000000 rip 0000000008048e33 rsp 00000000ffffca30 error 4
>
>What is brute? What can I do about this?
>
>Thanks
Just for the record. Brute is an executable that is part of some SSH
cracking package. The package tries to SSH to a predefined B-block of
addresses using predefined combinations of login names and passwords (for
instance login "test" with password "test").
It generates a log file with combinations that returned a shell.
The package was installed via a compromised user account (user has been
known to distribute his passwords) from Romania and placed in /var/tmp and
therefore invisible to "locate" (in RedHat several directories are exempt
from updatedb, one of them is /var/tmp).
The user has been dealt with.
Cheers
<feeb@chem.utoronto.ca>
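
The follow-up above notes that the binary sat in /var/tmp, a directory updatedb skips, so "locate" never indexed it. As an added example (not part of the original thread), this Python script reads the PRUNEPATHS list from an updatedb.conf and walks those directories directly, reporting ELF binaries and files with an execute bit. The config path /etc/updatedb.conf, the function names and the sample data in demo() are assumptions made for the example.

```python
import os
import re
import stat
import tempfile

ELF_MAGIC = b"\x7fELF"

def parse_prunepaths(conf_text):
    """Return the directories named by PRUNEPATHS in updatedb.conf text."""
    paths = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r'(?:export\s+)?PRUNEPATHS\s*=\s*"?([^"]*)"?$', line)
        if m:
            paths = m.group(1).split()
    return paths

def find_executables(dirs):
    """List regular files under dirs that are ELF binaries or have an exec bit."""
    hits = []
    for top in dirs:
        for root, _subdirs, files in os.walk(top):  # missing/unreadable dirs are skipped
            for name in files:
                path = os.path.join(root, name)
                try:
                    st = os.lstat(path)
                    if not stat.S_ISREG(st.st_mode):
                        continue
                    with open(path, "rb") as fh:
                        is_elf = fh.read(4) == ELF_MAGIC
                except OSError:
                    continue  # vanished or unreadable; run as root for full coverage
                if is_elf or st.st_mode & 0o111:
                    hits.append((path, st.st_uid, "elf" if is_elf else "exec-bit"))
    return sorted(hits)

def demo():
    """Constructed input: a prune list naming a temp dir that holds a fake ELF."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "brute"), "wb") as fh:
            fh.write(ELF_MAGIC + b"\x00" * 12)  # header stub only, not a program
        with open(os.path.join(tmp, "notes.txt"), "w") as fh:
            fh.write("plain text\n")
        conf = 'PRUNEFS = "nfs proc"\nPRUNEPATHS = "/nonexistent-a %s" # constructed\n' % tmp
        return [(os.path.basename(p), why)
                for p, _uid, why in find_executables(parse_prunepaths(conf))]

if __name__ == "__main__":
    with open("/etc/updatedb.conf") as fh:  # assumption: config lives at this path
        for path, uid, why in find_executables(parse_prunepaths(fh.read())):
            print(f"{why:8} uid={uid:<6} {path}")
```

The owning uid in each hit points at the account that dropped the file, which is how a compromised user account like the one described would show up.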