warning on tcpdump and libcap

Ken Walker ken.walker at textiles.umist.ac.uk
Thu Nov 14 02:07:20 EST 2002


I've just received the following, don't know if it's true!

>Hi,
>
>Apparently libpcap and tcpdump have been trojaned, in a similar way to
>openssh earlier this year.  Information about how long this has been the
>case is sketchy.  Trojaned versions appear to have made it out to a
>number of mirrors.
>
>Further details can be found at http://hlug.fscker.com (mirror
>http://www2.def-con.org/mirror/hlug.fscker.com/ appears to work).
>
>The tarballs available at www.tcpdump.org appear to still be trojaned.
>
>Good sources:
>http://www.ibiblio.org/pub/Linux/distributions/gentoo/distfiles/libpcap-0.7.1.tar.gz
>http://www.ibiblio.org/pub/Linux/distributions/gentoo/distfiles/tcpdump-3.6.2.tar.gz
>http://www.ibiblio.org/pub/Linux/distributions/gentoo/distfiles/tcpdump-3.7.1.tar.gz
>
>MD5 Sum 0597c23e3496a5c108097b2a0f1bd0c7  libpcap-0.7.1.tar.gz
>MD5 Sum 6bc8da35f9eed4e675bfdf04ce312248  tcpdump-3.6.2.tar.gz
>MD5 Sum 03e5eac68c65b7e6ce8da03b0b0b225e  tcpdump-3.7.1.tar.gz
>
>Trojaned sources:
>http://www.tcpdump.org/release/libpcap-0.7.1.tar.gz
>http://www.tcpdump.org/release/tcpdump-3.6.2.tar.gz
>http://www.tcpdump.org/release/tcpdump-3.7.1.tar.gz
>
>MD5 Sum 73ba7af963aff7c9e23fa1308a793dca  libpcap-0.7.1.tar.gz
>MD5 Sum 3a1c2dd3471486f9c7df87029bf2f1e9  tcpdump-3.6.2.tar.gz
>MD5 Sum 3c410d8434e63fb3931fe77328e4dd88  tcpdump-3.7.1.tar.gz
>
>The program connects to 212.146.0.34 (mars.raketti.net) on port 1963
>when the configure script is run.  Sites with logs of network traffic
>may wish to check for connections to this IP over recent days.
>
>We would be interested in hearing about any machines found to be
>compromised using this route.
>
>Regards
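
Added example, not part of the original post or the quoted warning: a Python sketch of the two checks the warning asks for, classifying a downloaded tarball by the published MD5 sums and scanning connection logs for the 212.146.0.34 host. The function names and the sample log lines are constructed for illustration; only the sums, the IP and the port come from the message above.

```python
import hashlib
import re

# MD5 sums as published in the quoted warning above.
GOOD = {
    "libpcap-0.7.1.tar.gz": "0597c23e3496a5c108097b2a0f1bd0c7",
    "tcpdump-3.6.2.tar.gz": "6bc8da35f9eed4e675bfdf04ce312248",
    "tcpdump-3.7.1.tar.gz": "03e5eac68c65b7e6ce8da03b0b0b225e",
}
TROJANED = {
    "libpcap-0.7.1.tar.gz": "73ba7af963aff7c9e23fa1308a793dca",
    "tcpdump-3.6.2.tar.gz": "3a1c2dd3471486f9c7df87029bf2f1e9",
    "tcpdump-3.7.1.tar.gz": "3c410d8434e63fb3931fe77328e4dd88",
}
# Host and port the warning says are contacted when configure is run.
IP_RE = re.compile(r"(?<![\d.])212\.146\.0\.34(?!\d)")
PORT_RE = re.compile(r"212\.146\.0\.34[.:]1963(?!\d)|\bDPT=1963\b")

# Constructed sample lines (iptables-style and tcpdump-style), not real logs.
SAMPLE_LOG = [
    "Nov 13 21:04:11 gw kernel: OUT=eth0 SRC=10.0.0.5 DST=212.146.0.34 PROTO=TCP SPT=1045 DPT=1963 SYN",
    "21:04:12.100 10.0.0.5.1046 > 212.146.0.34.80: S 1:1(0) win 5840",
    "21:04:13.200 10.0.0.5.1047 > 212.146.0.34.1963: S 1:1(0) win 5840",
    "21:04:14.300 10.0.0.5.1048 > 192.0.2.7.1963: S 1:1(0) win 5840",
]

def md5_of(path, chunk=65536):
    """Hash a file in chunks so large tarballs are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def classify(name, digest):
    """Return 'trojaned', 'good' or 'unknown' for a tarball name and MD5."""
    digest = digest.strip().lower()
    if TROJANED.get(name) == digest:
        return "trojaned"
    return "good" if GOOD.get(name) == digest else "unknown"

def scan_log(lines):
    """Return (line, port_1963_seen) for each line naming the reported IP."""
    return [(ln, bool(PORT_RE.search(ln))) for ln in lines if IP_RE.search(ln)]

if __name__ == "__main__":
    for line, port_hit in scan_log(SAMPLE_LOG):
        print("port 1963" if port_hit else "other port", "|", line)
```

An "unknown" result means the file matches neither published list and should not be treated as clean.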


