| Date & Time | Source | Event & Note |
|---|---|---|
| Aug 10, 2003 13:23:17 | log | HTTP request for /sumthin |
| Aug 10, 2003 13:33:19 | //dev/ttyof | [A-Time] /bin/ls config file |
| Aug 10, 2003 13:33:19 | //usr/lib/libsss | [A-Time] blank file |
| Aug 10, 2003 13:33:19 | //dev/ttyop | [A-Time] config file for /usr/bin/top |
| Aug 10, 2003 13:33:19 | //usr/bin/sl2 | [A-Time] Port scanner |
| Aug 10, 2003 13:33:19 | //usr/bin/sense | [A-Time] sniffer sorter script |
| Aug 10, 2003 13:33:19 | //bin/ls | [A-Time] Trojan file |
| Aug 10, 2003 13:33:33 | //bin/pico | [A-Time] A pico editor |
| Aug 10, 2003 13:33:33 | //usr/include/icepid.h | [A-Time] PID file for SSH server |
| Aug 10, 2003 13:33:33 | //usr/bin/crontabs | [C-Time] Calls smbd -D |
| Aug 10, 2003 13:33:33 | //usr/include/iceconf.h | [C-Time] Config file for /usr/include SSH server |
| Aug 10, 2003 13:33:33 | //usr/include/icepid.h | [C-Time] PID file for SSH server |
| Aug 10, 2003 13:33:33 | //usr/bin/sl2 | [C-Time] Port scanner |
| Aug 10, 2003 13:33:33 | //usr/bin/smbd -D | [C-Time] SSH server that was running with password logger |
| Aug 10, 2003 13:33:33 | //etc/rc.d/init.d/functions | [C-Time] Startup script that executes crontabs |
| Aug 10, 2003 13:33:33 | //usr/include/icepid.h | [M-Time] PID file for SSH server |
| Aug 10, 2003 13:33:33 | //etc/rc.d/init.d/functions | [M-Time] Startup script that executes crontabs |
| Aug 10, 2003 13:33:35 | //usr/bin/(swapd) | [A-Time] Network Sniffer - writes to libice.log |
| Aug 10, 2003 13:33:35 | //usr/lib/libsss | [C-Time] blank file |
| Aug 10, 2003 13:33:35 | //usr/bin/(swapd) | [C-Time] Network Sniffer - writes to libice.log |
| Aug 10, 2003 13:33:35 | //usr/bin/(swapd) | [M-Time] Network Sniffer - writes to libice.log |
| Aug 10, 2003 13:33:36 | //usr/lib/libice.log | [A-Time] network log file |
| Aug 10, 2003 13:33:52 | //dev/ttyoa | [A-Time] Config file for /bin/netstat |
| Aug 10, 2003 13:33:52 | //bin/netstat | [A-Time] Trojan file |
| Aug 10, 2003 13:33:57 | //dev/ttyof | [C-Time] /bin/ls config file |
| Aug 10, 2003 13:33:57 | //bin/pico | [C-Time] A pico editor |
| Aug 10, 2003 13:33:57 | //dev/ttyoa | [C-Time] Config file for /bin/netstat |
| Aug 10, 2003 13:33:57 | //dev/ttyop | [C-Time] config file for /usr/bin/top |
| Aug 10, 2003 13:33:57 | //usr/bin/sense | [C-Time] sniffer sorter script |
| Aug 10, 2003 13:33:57 | //bin/netstat | [C-Time] Trojan file |
| Aug 10, 2003 13:33:57 | //bin/ls | [C-Time] Trojan file |
| Aug 10, 2003 13:33:57 | log | syslog starting and stopping (boot.log) |
| Aug 10, 2003 14:14:01 | log | mail sent to jijeljijel@yahoo.com (maillog) |
| Aug 10, 2003 14:14:41 | log | ssh connections from extreme-service-10.is.pcnet.ro to smbd -D that failed. |
| Aug 10, 2003 15:30:21 | //usr/lib/sp0 | [A-Time] SSH server |
| Aug 10, 2003 15:30:30 | log | Ethernet device went into promiscuous mode. |
| Aug 10, 2003 15:30:52 | //usr/lib/adore.o | [A-Time] Adore Rootkit module |
| Aug 10, 2003 15:30:52 | //usr/lib/adore.o | [M-Time] Adore Rootkit module |
| Aug 10, 2003 15:30:54 | //usr/lib/cleaner.o | [A-Time] Adore rootkit file |
| Aug 10, 2003 15:30:54 | //usr/lib/cleaner.o | [C-Time] Adore rootkit file |
| Aug 10, 2003 15:30:54 | //usr/lib/adore.o | [C-Time] Adore Rootkit module |
| Aug 10, 2003 15:30:54 | //usr/lib/sp0 | [C-Time] SSH server |
| Aug 10, 2003 15:30:54 | //etc/rc.d/rc.sysinit | [C-Time] Startup script where kflushd was added |
| Aug 10, 2003 15:30:54 | //usr/lib/cleaner.o | [M-Time] Adore rootkit file |
| Aug 10, 2003 15:30:54 | //etc/rc.d/rc.sysinit | [M-Time] Startup script where kflushd was added |
| Aug 10, 2003 15:31:51 | //lib/.x/.boot | [A-Time] boot script for rootkit |
| Aug 10, 2003 15:31:51 | //lib/.x/hide | [A-Time] script to hide processes with suckit |
| Aug 10, 2003 15:31:51 | //lib/.x/log | [A-Time] SucKIT Client |
| Aug 10, 2003 15:32:15 | //lib/.x/inst | [C-Time] Installs suckit |
| Aug 10, 2003 15:32:15 | //lib/.x/cl | [C-Time] log cleaner |
| Aug 10, 2003 15:32:15 | //lib/.x/hide | [C-Time] script to hide processes with suckit |
| Aug 10, 2003 15:32:15 | //lib/.x/s/lsn | [C-Time] sniffer process |
| Aug 10, 2003 15:32:15 | //lib/.x/log | [C-Time] SucKIT Client |
| Aug 10, 2003 15:32:16 | //lib/.x/inst | [A-Time] Installs suckit |
| Aug 10, 2003 15:32:16 | //lib/.x/s/mfs | [A-Time] lsn logs |
| Aug 10, 2003 15:32:16 | //lib/.x/s/lsn | [A-Time] sniffer process |
| Aug 10, 2003 15:32:16 | //lib/.x/s/xopen | [A-Time] SSHD that was running on port 3128. |
| Aug 10, 2003 15:32:16 | //lib/.x/s/xopen | [C-Time] SSHD that was running on port 3128. |
| Aug 10, 2003 15:32:16 | //lib/.x/sk | [C-Time] SucKIT |
| Aug 10, 2003 15:32:16 | //lib/.x/sk | [M-Time] SucKIT |
| Aug 10, 2003 15:32:17 | //lib/.x/sk | [A-Time] SucKIT |
| Aug 10, 2003 15:32:17 | //lib/.x/.boot | [C-Time] boot script for rootkit |
| Aug 10, 2003 15:32:17 | //lib/.x/hide.log | [C-Time] log for 'hide' program |
| Aug 10, 2003 15:32:17 | //lib/.x/install.log | [C-Time] SucKIT logs |
| Aug 10, 2003 15:32:17 | //lib/.x/install.log | [M-Time] SucKIT logs |
| Aug 10, 2003 15:32:33 | //lib/.x/install.log | [A-Time] SucKIT logs |
| Aug 10, 2003 15:32:34 | //lib/.x/cl | [A-Time] log cleaner |
| Aug 10, 2003 15:42:31 | log | mail sent to newptraceuser@yahoo.com (maillog) |
| Aug 10, 2003 15:43:43 | log | mail sent to skiZophrenia_siCk@yahoo.com (maillog) |
| Aug 10, 2003 15:51:10 | //lib/.x/s/r_s | [A-Time] Random seed for /lib/.x/s/xopen SSHD |
| Aug 10, 2003 15:52:00 | //root/sslstop/sslport | [C-Time] changes SSL port |
| Aug 10, 2003 15:52:00 | //root/sslstop/sslstop | [C-Time] stops SSL on apache |
| Aug 10, 2003 15:52:00 | //root/sslstop/sslport | [M-Time] changes SSL port |
| Aug 10, 2003 15:52:00 | //root/sslstop/sslstop | [M-Time] stops SSL on apache |
| Aug 10, 2003 15:52:12 | log | http starting and stopping (boot.log) |
| Aug 10, 2003 15:52:23 | //root/sslstop/sslport | [A-Time] changes SSL port |
| Aug 10, 2003 15:54:18 | //usr/bin/crontabs | [A-Time] Calls smbd -D |
| Aug 10, 2003 15:54:18 | //usr/include/iceconf.h | [A-Time] Config file for /usr/include SSH server |
| Aug 10, 2003 15:54:18 | //usr/bin/smbd -D | [A-Time] SSH server that was running with password logger |
| Aug 10, 2003 15:54:18 | //etc/rc.d/init.d/functions | [A-Time] Startup script that executes crontabs |
| Aug 10, 2003 15:54:18 | //root/sslstop/sslstop | [A-Time] stops SSL on apache |
| Aug 10, 2003 15:56:11 | log | Root user 'su'ed |
| Aug 10, 2003 16:02:46 | //etc/opt/psybnc/log/psybnc.log | [A-Time] psybnc log |
| Aug 10, 2003 16:04:14 | log | telnet from proxyscan.undernet.org (secure log) |
| Aug 10, 2003 16:32:18 | //lib/.x/s/r_s | [C-Time] Random seed for /lib/.x/s/xopen SSHD |
| Aug 10, 2003 16:32:18 | //lib/.x/s/r_s | [M-Time] Random seed for /lib/.x/s/xopen SSHD |
| Aug 10, 2003 18:58:33 | log | ssh from 202.85.165.46 (secure log) |
| Aug 10, 2003 20:35:59 | //usr/lib/libice.log | [C-Time] network log file |
| Aug 10, 2003 20:35:59 | //usr/lib/libice.log | [M-Time] network log file |
| Aug 10, 2003 20:36:26 | //lib/.x/s/mfs | [C-Time] lsn logs |
| Aug 10, 2003 20:36:26 | //lib/.x/s/mfs | [M-Time] lsn logs |
| Aug 10, 2003 20:47:24 | //etc/opt/psybnc/log/psybnc.log | [C-Time] psybnc log |
| Aug 10, 2003 20:47:24 | //etc/opt/psybnc/log/psybnc.log | [M-Time] psybnc log |