List: sun-managers
Subject: Cybercop and Sun system
From: "Subba Rao" <subb3 () ibm ! net>
Date: 1999-03-30 21:38:39
Here is my case
Event
=====
We ran Cybercop (Internet Audit tool) at the request of the client. We ran it against one segment. One of the systems is a SunOS system.
Issue
=====
The SunOS 5.6 system crashed. We did not do any DoS attacks. Standard port scanning, password guessing and FTP vulnerabilities etc. The client blamed it on the Cybercop tool. Having done this many times before, I did tell my client that I did not have this problem before. The Sun system had a DBMS system running (RedBrick).
My customer shows me his syslog and blames the time of the system crash on this line.
Mar 24 17:21:24 sunny inetd[2098]: /opt/SUNWvts/bin/vtsk: Hangup
The system, however, continued to log after 17:21:24.
The next day's log has the following lines.
Mar 25 07:36:13 sunny unix: WARNING: /tmp: File system full, swap space limit exceeded
Mar 24 07:36:59 sunny inetd[2098]: /opt/SUNWvts/bin/vtsk: Segmentation Fault - core dumped
The above messages repeat a few times with minor variations in the message text. And then the following line appears,
Mar 25 07:36:13 sunny unix: NOTICE: /disktest_c3t17d0s4: bad dir ino 2 at offset 0: mangled
There are many such lines. I strongly believe that the "disktest" caused the system to crash.
Question
=======
What is the "vtsk" program? What does it do?
My client goes to the point of stating that Cybercop inserted a Cron job or a Trojan horse, which later caused the crash.
I would appreciate it if someone could shed some light on this with some pointers. If you used Cybercop with a SunOS system, I would like to hear your experiences too.
Thank you in advance.
Subba Rao
subb3@ibm.net
==============================================================
Disclaimer - I question and speak for myself.