Lynn Avants wrote:
On Tuesday 07 January 2003 01:08 pm, Dennis Stephens wrote:Saw the following in my syslogJan 3 15:17:12 ardentpursuit portsentry[1120]: attackalert: External command run for host: 218.156.227.172 using command: "/root/add2chain 218.156.227.172 12345" Did that command actually run, or did portsentry prevent it from running?
Well, a Google search didn't come up with anything but Win32 exploits and
there are (normally) no services running/listening to port 12345 on a LEAF
box. The ip MX is owned by Korea Telecom.
I don't run portsentry, so I'm not familiar with the output from it. I would definately take a look in your /root directory, but I would doubt your
hacked....depending on what LEAF system and add-on packages you're
using/config. In any case, I would do a thorough look at the box to make sure, unless somebody has any better insight into this.
-- Best Regards, Vladimir Systems Engineer (RHCE) ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
