On Sun, 2004-07-04 at 14:45, Derek Jennings wrote:
> On Sunday 04 Jul 2004 18:27, Terence Golightly wrote:
> SNIP
> > >
> > > Your main.cf contains the lines
> > > myhostname = tbox.blrm.myhouse.net
> > > mydomain = myhouse.net
> > > masquerade_domains = myhouse.net
> > > myorigin = myhouse.net
> > > debug_peer_list = myhouse.net
> > >
> > > If   tbox.blrm.myhouse.net is not your domain, then yes it looks very
> > > suspicious.
> > > But a scan of your IP address shows you only have port 80 open so no one
> > > would be able to actually connect to your mail server.
> > >
> > > derek
> >
> > Derek,
> >
> >
> > Yes, apparently:
> >
> > [EMAIL PROTECTED] root]# whois myhouse.net
> >
> > Found a referral to whois.doregi.com.
> >
> > Welcome to DOREGI.COM's WHOIS data service.
> >
> > Registrant:
> > jeonggon seo
> >    1475-3youngchunri changsungeub changsunggun chunnam kr
> >
> >    Domain Name: MYHOUSE.NET
> >    Registrar: HANGANG Systems,Inc. dba doregi.com
> >
> >    Administrative Contact:
> >       jeonggon seo [EMAIL PROTECTED]
> >       0820613931011
> >
> >
> >     Technical Contact:
> >       jeonggon seo [EMAIL PROTECTED]
> >       0820613931011
> >
> >
> >     Billing Contact:
> >       jeonggon seo [EMAIL PROTECTED]
> >       0820613931011
> >
> >
> >    Record created on.......: Jan 27, 2001
> >    Record last updated on..: Dec 28, 2003
> >    Record expires on.......: Jan 27, 2005
> >
> >    Domain name servers in listed order:
> >
> >    ns1.instel.net    220.80.108.83
> >    ns2.kornet.net    211.216.50.160
> >
> >
> >
> > Powered by XML Engine.
> >
> > is owned by someone else.  So I am going to look into changing my
> > hostname. Is it better to just use mcc->system->network/internet config
> > or edit the files directly?
> >
> > Terry
> >
> >
> >
> > Terry Golightly ... [EMAIL PROTECTED] ... Pittsburgh, Pa
> > Mandrake Linux release 10.0 (Official) for i586 kernel
> > 2.6.3-14mdk-i686-up-4GB
> > 13:24:30 up 1 day, 28 min, 3 users, load average: 0.00, 0.00, 0.00
> >
> > Power corrupts. And atomic power corrupts atomically.
> 
> If you have been compromised, then the only safe thing to do IMO is to backup 
> your personal files, wipe your system and do a reinstall using different 
> passwords, and make sure the passwords are not easily guessable. You do not 
> know what other things may have been interfered with.
> 
> Also make sure all the latest security updates are applied so you do not get 
> compromised again.
> 

> It might be worth taking a look at your past outgoing mails to see when you 
> started using tbox.blrm.myhouse.net as your hostname. It might give a clue 
> how you got attacked.

I'll check.  You don't think that my having the same host name as a Korean
ISP/spammer could be due to my own negligence? I'm going to first try and
change my hostname and go from there.  I'll include my emails from
chkrootkit if you'd like to take a look at them.  I notice all kinds of
potential stuff, but I also add stuff and find it difficult to understand
what to do with the output.

> 
> You might also consider installing chkrootkit.

I do have that installed.  Messages from the system quit coming in on
June 22 at 4:09 am.

> If you put a mail address into the Security page on Mandrake Control 
> Centre, then you will receive a daily email listing the chkrootkit results.  
> (Install anacron to ensure the job runs even if you switch off your computer 
> overnight)
Yup anacron is installed as well.
> 
> derek

Thanks again,

Terry

Terry Golightly ... [EMAIL PROTECTED] ... Pittsburgh, Pa 
Mandrake Linux release 10.0 (Official) for i586 kernel
2.6.3-14mdk-i686-up-4GB 
15:43:26 up 1 day, 2:47, 3 users, load average: 0.05, 0.05, 0.01 

Show me a man who is a good loser and I'll show you a man who is playing
golf with his boss.
From [EMAIL PROTECTED] Tue Jun 22 04:09:04 2004
Return-Path: <[EMAIL PROTECTED]>
X-Original-To: root
Delivered-To: [EMAIL PROTECTED]
Received: by tbox.myhouse.net (Postfix, from userid 0) id 7B54899DF0; Tue,
        22 Jun 2004 04:09:04 -0400 (EDT)
To: [EMAIL PROTECTED]
Subject: [msec] *** Security Check on tbox.myhouse.net, Tue Jun 22 04:09:03
        EDT 2004 ***
Message-Id: <[EMAIL PROTECTED]>
Date: Tue, 22 Jun 2004 04:09:04 -0400 (EDT)
From: [EMAIL PROTECTED] (root)
X-Evolution-Source: mbox:/var/mail/terryg
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit


Security Warning: World Writable files found :
                - /tmp/.ICE-unix
                - /tmp/.X11-unix
                - /tmp/.X11-unix/X0
                - /tmp/.font-unix
                - /tmp/.font-unix/fs-1
                - /tmp/.gdm_socket
                - /tmp/faxfile.ps
                - /var/lib/mysql/mysql.sock
                - /var/lib/sasl2/mux
                - /var/lib/texmf
                - /var/lib/texmf/ls-R
                - /var/run/authdaemon.courier-imap/socket
                - /var/spool/postfix/dev/log
                - /var/spool/postfix/private/anvil
                - /var/spool/postfix/private/bounce
                - /var/spool/postfix/private/cyrus
                - /var/spool/postfix/private/cyrus-chroot
                - /var/spool/postfix/private/cyrus-deliver
                - /var/spool/postfix/private/cyrus-inet
                - /var/spool/postfix/private/defer
                - /var/spool/postfix/private/error
                - /var/spool/postfix/private/lmtp
                - /var/spool/postfix/private/lmtp-filter
                - /var/spool/postfix/private/local
                - /var/spool/postfix/private/maildrop
                - /var/spool/postfix/private/proxymap
                - /var/spool/postfix/private/relay
                - /var/spool/postfix/private/rewrite
                - /var/spool/postfix/private/smtp
                - /var/spool/postfix/private/smtp-filter
                - /var/spool/postfix/private/tlsmgr
                - /var/spool/postfix/private/trace
                - /var/spool/postfix/private/uucp
                - /var/spool/postfix/private/verify
                - /var/spool/postfix/private/virtual
                - /var/spool/postfix/public/cleanup
                - /var/spool/postfix/public/flush
                - /var/spool/postfix/public/pickup
                - /var/spool/postfix/public/qmgr
                - /var/spool/postfix/public/showq
                - /var/spool/postfix/var/lib/sasl2/mux
                - /var/spool/spamassassin
                - /var/spool/spamassassin/auto-whitelist.db

Security Warning: these home directory should not be owned by someone else or writable 
:
user=gdm(77) : home directory is group writable.

Security Warning: These files belonging to packages are modified on the system :
                - /usr/bin/logcheck.sh
                - /usr/share/a2ps/afm/fonts.map
                - /usr/share/fonts/default/Type1/fonts.cache-1
                - /usr/share/fonts/ttf/decoratives/fonts.cache-1
                - /usr/share/fonts/ttf/western/fonts.cache-1
                - /usr/share/texmf/ls-R
                - /var/lib/games/lbreakout2.hscr
                - /var/lib/nfs/state

Security Warning: These config files belonging to packages are modified on the system :
                - /etc/X11/fs/config
                - /etc/X11/gdm/gdm.conf
                - /etc/apcupsd/apcupsd.conf
                - /etc/cups/classes.conf
                - /etc/cups/cupsd.conf
                - /etc/cups/printers.conf
                - /etc/flexbackup.conf
                - /etc/ggz.modules
                - /etc/host.conf
                - /etc/info-dir
                - /etc/inittab
                - /etc/login.defs
                - /etc/logrotate.conf
                - /etc/mime.types
                - /etc/modprobe.conf
                - /etc/modules
                - /etc/modules.conf
                - /etc/mtools.conf
                - /etc/named.conf
                - /etc/ntp.conf
                - /etc/pam.d/system-auth
                - /etc/portsentry/portsentry.conf
                - /etc/portsentry/portsentry.ignore
                - /etc/postfix/aliases
                - /etc/postfix/main.cf
                - /etc/ppp/chap-secrets
                - /etc/ppp/options
                - /etc/ppp/pap-secrets
                - /etc/ppp/pppoe.conf
                - /etc/printcap
                - /etc/rc.d/rc.local
                - /etc/shells
                - /etc/shorewall/accounting
                - /etc/shorewall/interfaces
                - /etc/shorewall/masq
                - /etc/shorewall/policy
                - /etc/shorewall/rules
                - /etc/shorewall/shorewall.conf
                - /etc/shorewall/zones
                - /etc/sysconfig/bootsplash
                - /etc/sysconfig/harddrake2/previous_hw
                - /etc/sysconfig/msec
                - /etc/sysconfig/syslog
                - /etc/sysctl.conf
                - /etc/syslog.conf
                - /etc/webalizer.conf
                - /etc/xinetd.d/rsync
                - /etc/xml/catalog
                - /root/.bashrc
                - /usr/share/config/kdesktoprc
                - /usr/share/config/konquerorrc
                - /usr/share/sgml/docbook/xmlcatalog
                - /var/lib/clamav/daily.cvd
                - /var/lib/clamav/main.cvd

Chkrootkit report:
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not found
Checking `grep'... not infected
Checking `hdparm'... not infected
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not tested
Checking `inetdconf'... not found
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not infected
Checking `netstat'... not infected
Checking `named'... not infected
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not found
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not infected
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for HiDrootkit's default dir... nothing found
Searching for t0rn's default files and dirs... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for Lion Worm default files and dirs... nothing found
Searching for RSHA's default files and dir... nothing found
Searching for RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while... 

Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for OBSD rk v1... nothing found
Searching for LOC rootkit ... nothing found
Searching for Romanian rootkit ... nothing found
Searching for HKRK rootkit ... nothing found
Searching for Suckit rootkit ... nothing found
Searching for Volc rootkit ... nothing found
Searching for Gold2 rootkit ... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... Checking `rexedcs'... not found
Checking `sniffer'... Checking `w55808'... not infected
Checking `wted'... nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... nothing deleted

These are the ports listening on your machine :
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
PID/Program name   
tcp        0      0 *:rsync                 *:*                     LISTEN      
4081/xinetd         
tcp        0      0 *:mysql                 *:*                     LISTEN      
5074/mysqld         
tcp        0      0 localhost:10026         *:*                     LISTEN      
4804/master         
tcp        0      0 *:sunrpc                *:*                     LISTEN      
4235/portmap        
tcp        0      0 *:10000                 *:*                     LISTEN      
5386/perl           
tcp        0      0 pool-151-201-7-5:domain *:*                     LISTEN      
4039/named          
tcp        0      0 tbox.myhouse.net:domain *:*                     LISTEN      
4039/named          
tcp        0      0 localhost:domain        *:*                     LISTEN      
4039/named          
tcp        0      0 localhost:privoxy       *:*                     LISTEN      
6770/privoxy        
tcp        0      0 *:ipp                   *:*                     LISTEN      
4136/cupsd          
tcp        0      0 localhost:smtp          *:*                     LISTEN      
4804/master         
tcp        0      0 localhost:rndc          *:*                     LISTEN      
4039/named          
tcp        0      0 localhost:3551          *:*                     LISTEN      
3288/apcupsd        
udp        0      0 *:32768                 *:*                                 
4039/named          
udp        0      0 *:10000                 *:*                                 
5386/perl           
udp        0      0 pool-151-201-7-5:domain *:*                                 
4039/named          
udp        0      0 tbox.myhouse.net:domain *:*                                 
4039/named          
udp        0      0 localhost:domain        *:*                                 
4039/named          
udp        0      0 *:35008                 *:*                                 
726/local           
udp        0      0 *:865                   *:*                                 
4081/xinetd         
udp        0      0 *:sunrpc                *:*                                 
4235/portmap        
udp        0      0 tbox.myhouse.net:ntp    *:*                                 
4062/ntpd           
udp        0      0 localhost:ntp           *:*                                 
4062/ntpd           
udp        0      0 *:ntp                   *:*                                 
4062/ntpd           
raw        0      0 *:tcp                   *:*                     7           
5085/portsentry     
raw        0      0 *:udp                   *:*                     7           
5097/portsentry     
>From [EMAIL PROTECTED] Tue Jun 22 04:09:01 2004
Return-Path: <[EMAIL PROTECTED]>
X-Original-To: root
Delivered-To: [EMAIL PROTECTED]
Received: by tbox.myhouse.net (Postfix, from userid 0) id A916599DF0; Tue,
        22 Jun 2004 04:09:01 -0400 (EDT)
To: [EMAIL PROTECTED]
Subject: [msec] *** Diff Check on tbox.myhouse.net, Tue Jun 22 04:09:00 EDT
        2004 ***
Message-Id: <[EMAIL PROTECTED]>
Date: Tue, 22 Jun 2004 04:09:01 -0400 (EDT)
From: [EMAIL PROTECTED] (root)
X-Evolution-Source: mbox:/var/mail/terryg
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit


Security Warning: There are modifications for port listening on your machine :
                -  Opened ports : udp        0      0 *:35008                 *:*      
                           726/local

Security Warning: These packages have changed on the system :
                -   Newly installed package : bittorrent-3.3-4mdk       1087872497
                -   Newly installed package : bittorrent-gui-3.3-4mdk   1087872498
                -   Newly installed package : libwxPythonGTK2.4-2.4.2.4-2mdk    
1087872478
                -   Newly installed package : wxPythonGTK-2.4.2.4-2mdk  1087872490
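
An added example (not part of the original message, and not code from msec or chkrootkit) for reading a report like the two attached above. It lists every chkrootkit check whose result is anything other than the routine "not infected / not found / nothing found" strings, including checks that printed no result at all, and every TCP/UDP socket bound to all interfaces rather than to localhost. The sample report is constructed in the shape of the one above, and the function names are illustrative.

```python
import re

# Constructed sample in the shape of the msec mail above (not the full report).
SAMPLE_REPORT = """\
Chkrootkit report:
ROOTDIR is `/'
Checking `ls'... not infected
Checking `sshd'... not found
Checking `inetd'... not tested
Searching for Suckit rootkit ... nothing found
Checking `lkm'... Checking `rexedcs'... not found
Checking `wted'... nothing deleted

These are the ports listening on your machine :
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
PID/Program name
tcp        0      0 *:mysql                 *:*                     LISTEN
5074/mysqld
tcp        0      0 localhost:smtp          *:*                     LISTEN
4804/master
tcp        0      0 *:10000                 *:*                     LISTEN
5386/perl
udp        0      0 *:sunrpc                *:*
4235/portmap
udp        0      0 localhost:ntp           *:*
4062/ntpd
"""

# Result strings that need no follow-up.
BENIGN = {"not infected", "not found", "not tested", "nothing found",
          "no suspect files", "nothing deleted"}

CHECK_RE = re.compile(
    r"(?:Checking `(?P<name>[^']+)'|Searching for (?P<what>.+?))"
    r"\s*\.\.\.\s*(?P<result>.*)$")

# Local-address host parts that mean "every interface".
WILDCARD_HOSTS = {"*", "0.0.0.0", "::", "[::]"}


def chkrootkit_findings(report):
    """Return (test, result) for every check whose result is not routine."""
    findings = []
    for line in report.splitlines():
        # Two checks can share a line when the first printed no result.
        for segment in re.split(r"(?=Checking `|Searching for )", line):
            m = CHECK_RE.match(segment.strip())
            if not m:
                continue
            test = m.group("name") or m.group("what")
            result = m.group("result").strip()
            if result not in BENIGN:
                findings.append((test, result or "<no result printed>"))
    return findings


def wildcard_listeners(report):
    """Return (proto, port, program) for sockets bound to all interfaces."""
    rows = []
    for line in report.splitlines():
        line = line.strip()
        if re.match(r"(tcp|udp)\s", line):
            rows.append(line)
        elif rows and re.match(r"\d+/\S", line):
            # The PID/Program column was wrapped onto its own line; rejoin it.
            rows[-1] += " " + line
    exposed = []
    for row in rows:
        fields = row.split()
        proto, local = fields[0], fields[3]
        if proto == "tcp" and "LISTEN" not in fields:
            continue
        host, _, port = local.rpartition(":")
        owner = re.fullmatch(r"\d+/(.+)", fields[-1])
        if host in WILDCARD_HOSTS:
            exposed.append((proto, port, owner.group(1) if owner else "?"))
    return exposed


if __name__ == "__main__":
    for test, result in chkrootkit_findings(SAMPLE_REPORT):
        print(f"review chkrootkit check {test!r}: {result}")
    for proto, port, program in wildcard_listeners(SAMPLE_REPORT):
        print(f"listening on all interfaces: {proto}/{port} ({program})")
```
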