lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 22 Nov 2010 12:21:10 +0100
From: Lukasz Jaroszewski <lvj@...tykalni.org>
To: Graham Gower <graham.gower@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: SSH scans, i caught one

On Mon, Nov 22, 2010 at 1:06 AM, Graham Gower <graham.gower@...il.com> wrote:
> strace indicates that you'll want a uClibc based system.
>
> execve("./syslgd", ["./syslgd"], [/* 12 vars */]) = 0
> svr4_syscall()                          = -1 ERRNO_4090 (Unknown error 4090)
> cacheflush(0x11a000, 0x990, 0x3)        = 0
> readlink("/proc/self/exe", "/syslgd", 4095) = 7
> cacheflush(0x7f85ac98, 0xf4, 0x3)       = 0
> old_mmap(0x400000, 37872, PROT_READ|PROT_WRITE|PROT_EXEC,
> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000
> cacheflush(0x400000, 0xf4, 0x3)         = 0
> cacheflush(0x4000f4, 0x92fc, 0x3)       = 0
> mprotect(0x400000, 37872, PROT_READ|PROT_EXEC) = 0
> old_mmap(0x10000000, 716, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0xa000) = 0x10000000
> cacheflush(0x10000000, 0x2cc, 0x3)      = 0
> mprotect(0x10000000, 716, PROT_READ|PROT_WRITE) = 0
> brk(0x10001000)                         = 0x10001000
> open("/lib/ld-uClibc.so.0", O_RDONLY)   = -1 ENOENT (No such file or directory)
> exit(127)                               = ?
> Process 1567 detached
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

It is so called Chuck Norris `bot', attacks DSL modems, routers, etc,
plus few irc toys like bouncer etc.
BRGRDS
LVJ

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ