Prev: Google wants to see client addresses in DNS queries
Next: Having a LAN routing issue
From: Ben Davis on 2 Feb 2010 10:29
Hi,

I was trying to look up some info on nflog and looked up
nflog.sourceforge.net which is the project page. This page has been
hacked - I've copied my mail to sf.net below. I've searched up on
'vdlog' and it is clearly *NOT* the new version of nflog, so I'm
assuming this is an attempt at a Linux iptables trojan? I have had a
quick look on shellbox.fr but I can't find a download link, though I
wouldn't be installing it on anything important ;-)

(apologies for the html but I think it shows that this is clearly a
defacement and I already alerted sourceforge.net to it)

--- snip ---
<html>
<head>
<meta name="description" content="Iptables target to log packets via
virtual device">
<meta name="keywords" content="nflog linux kernel netfilter iptables
target virtual device log packet">
<title>Iptables target NFLOG</title>
</head>
<h1>Iptables target NFLOG renamed VDLOG available at shellbox.fr</h1>
<a href="http://www.shellbox.fr">Here my Homesite</a>
</html>

--

From: David W. Hodgins on 2 Feb 2010 11:36
On Tue, 02 Feb 2010 10:29:58 -0500, Ben Davis <jameenaziz(a)gmail.com> wrote:

> I was trying to look up some info on nflog and looked up
> nflog.sourceforge.net which is the project page. This page has been
> hacked - I've copied my mail to sf.net below. I've searched up on
> 'vdlog' and it is clearly *NOT* the new version of nflog, so I'm
> assuming this is an attempt at a Linux iptables trojan? I have had a
> quick look on shellbox.fr but I can't find a download link, though I
> wouldn't be installing it on anything important ;-)

Found a download link on shellbox.fr,
http://shellbox.free.fr/files/downloads/vdlog.tgz

The files in that are all dated May, 2006.

Also found
http://code.google.com/p/nflogd/source/browse/trunk/nflogd.cpp
which has a last change date of Nov. 2009.

No idea which is what, or what the history is, but skimming through
the vdlog source, I see no indication of a trojan.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
 | 
Pages: 1
Prev: Google wants to see client addresses in DNS queries
Next: Having a LAN routing issue