No...just new entries in my inetd.conf file that I didn't put there
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
Um
Do a "netstat -l -n" and see what ports are open. (Mainly high ports, i.e.,
16000)
If you see any weird ones, from an external machine, telnet to them and see
what happens.
I think your box may have been root'ed or something...
Regards, Alan Lee
quote who="Peter Hardy"
With the following in my /etc/apt/sources.list
deb ftp://mirror.aarnet.edu.au/pub/debian stable main contrib non-free
deb ftp://mirror.aarnet.edu.au/pub/debian stable/non-US main contrib non-free
deb ftp://mirror.aarnet.edu.au/pub/debian dists/proposed-updates/
Aha.
quote who="Peter Hardy"
With the following in my /etc/apt/sources.list
deb ftp://mirror.aarnet.edu.au/pub/debian stable main contrib non-free
deb ftp://mirror.aarnet.edu.au/pub/debian stable/non-US main contrib non-free
deb ftp://mirror.aarnet.edu.au/pub/debian dists/proposed-updates/
In my
Or if you have strange ports on your own machine then try telnetting to
them also and see what they give you.
I believe the Ramen worm does things with inetd.conf, but I don't think it
does what is being described. I agree, I think the box has been
compromised.
Have you monitored the traffic it
As (hopefully) you are all aware Linux.Conf.Au was held last week at
UNSW. We had lots of interesting and high-profile speakers there and
a number of them have agreed to venture forth to SLUG as well.
We hope to have Rik van Riel (Memory Management), Jeff Dike (UML --
User Mode Linux) and our
I agree that the machine has been compromised, thus my queries, but there
was nothing more that I could find than what I have already reported.
These symptoms do not seem to match anything that I have read about Ramen's
footprint. I have searched www.cert.org and reported it to them as well.
Is anyone from the Blue Mountains area going to SLUG tonight?
It would be nice to have a train buddy rather than my trusty
Sony Discman.
Dean
I agree that the machine has been compromised, thus my queries, but there
was nothing more that I could find than what I have already reported.
These symptoms do not seem to match anything that I have read about Ramen's
footprint. I have searched www.cert.org and reported it to them as well.
offtopic topic="MS hacked"
try a whois microsoft
/offtopic
--
Rick Welykochy || Praxis Services
On Mon, Jan 22, 2001 at 12:34:05PM +1100, Rick Welykochy said:
-- offtopic topic="MS hacked"
-- try a whois microsoft
-- /offtopic
Looks normal to me...? Remember that 'whois microsoft' will return a list of all
entries which match.. - domains, hosts, etc, so all the extra entries you're
server1:~$ whois microsoft.com
[whois.internic.net]
Whois Server Version 1.3
Domain names in the .com, .net, and .org domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
It's amazing the ends people will go to to spend money on stupid ideas.
--
Howard.
LANNet Computing Associates http://lannetlinux.com
"...well, it worked before _you_ touched it!"
On Mon, 22 Jan 2001, Rick Welykochy wrote:
offtopic
The Microsoft doesn't need to be hacked, as Quake players might say
"it owns itself", meaning no one needs to mock it as it does a good
enough job already =)
freedom to innovation
lol
freedom to purchase innovations
Dean
Alan Lee wrote:
server1:~$ whois microsoft.com
[whois.internic.net]
Howard wrote:
It's amazing the ends people will go to to spend money on stupid ideas.
You're assuming someone registered all those domains, see
http://www.it.fairfax.com.au/breaking/20010122/A15467-2001Jan22.html
It appears someone hijacked their domain.
Dave.