Well, my thought is...why not just reboot to be sure.  I mean, your LEAF box
is running out of RAM disk, right?  The disk is write protected, isn't it?
Now, that doesn't mean that it can't happen again, so I would continue to
investigate but I would copy all relevant log files to a disk and reboot.

Later

Tony







-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Lynn Avants
Sent: Tuesday, January 07, 2003 11:46 PM
To: leaf-user
Subject: Re: [leaf-user] Does this indicate I've been hacked?


On Tuesday 07 January 2003 01:08 pm, Dennis Stephens wrote:
> Saw the following in my syslog
>
> Jan  3 15:17:12 ardentpursuit portsentry[1120]: attackalert: External
> command run for host: 218.156.227.172 using command: "/root/add2chain
> 218.156.227.172 12345"
>
> Did that command actually run, or did portsentry prevent it from running?

Well, a Google search didn't come up with anything but Win32 exploits and
there are (normally) no services running/listening to port 12345 on a LEAF
box. The ip MX is owned by Korea Telecom.

I don't run portsentry, so I'm not familiar with the output from it. I would
definitely take a look in your /root directory, but I would doubt you're
hacked....depending on what LEAF system and add-on packages you're
using/config. In any case, I would do a thorough look at the box to make
sure, unless somebody has any better insight into this.

--
~Lynn Avants
Linux Embedded Appliance Firewall developer
http://leaf.sourceforge.net


-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


