Well, I encountered a new rootkit and the trojaned ssh was running on port 12345. Just scan your box with chkrootkit (www.chkrootkit.org) and look for /usr/bin/.e-o-n/ or something like that.

Baba Bogdan

On Thu, 29 Nov 2001, Nicko Demeter wrote:

> Just because the ports are open it does not mean you have the trojans.
> One of my boxes that is acting as a bastion host is reporting that it
> runs two versions of finger and a gopher server among other things.
>
> Do the simple 'telnet localhost <port number>' test and look at what's
> there. Chances are that it could be another software you have installed.
>
> Nicko
>
> -----Original Message-----
> From: R. Toma
> Sent: Wed 11/28/2001 1:16 PM
> To: [EMAIL PROTECTED]
> Cc:
> Subject: ¡¡I NEED HELP!!
>
> I scanned my homeserver for open ports and I found that I have
> the ports:
>
> 12345 NetBus
> 20034 NetBus Pro
> 31337 BackOrifice
>
> open. Now, are these the famous trojans? I have linux, aren't they
> programmed for a MS platform? How can I close these ports????
>
> PLEASE!!!
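
Added example, not part of the original thread or written by any of its posters: a local complement to the 'telnet localhost <port number>' check that lists listening TCP sockets from /proc/net/tcp and reports which process holds the three ports named in the question. The sample table is constructed, the function names are illustrative, and the address decoding assumes a little-endian Linux host.

```python
import glob, os, socket, struct

# Labels the port scanner printed in the question; a label is a guess, not a finding.
SCANNER_LABELS = {12345: "NetBus", 20034: "NetBus Pro", 31337: "BackOrifice"}

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:3039 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4211 1
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1057 1
   2: 0A00000A:0016 1400000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 5120 1
"""

def listening_sockets(text):
    """Return one dict per socket in LISTEN state (st == 0A)."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != "0A":
            continue
        addr_hex, port_hex = f[1].split(":")
        # Assumes a little-endian host (x86): the address is stored in host byte order.
        addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        rows.append({"addr": addr, "port": int(port_hex, 16),
                     "uid": int(f[7]), "inode": int(f[9])})
    return rows

def flagged(rows):
    """Listening sockets whose port matches one of the scanner's labels."""
    return [(r, SCANNER_LABELS[r["port"]]) for r in rows if r["port"] in SCANNER_LABELS]

def owner_pids(inode):
    """PIDs holding the socket, found via /proc/<pid>/fd links (needs root to see all)."""
    pids = set()
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            if os.readlink(fd) == "socket:[%d]" % inode:
                pids.add(int(fd.split("/")[2]))
        except OSError:
            continue                             # process exited or access denied
    return sorted(pids)

if __name__ == "__main__":
    path = "/proc/net/tcp"
    text = open(path).read() if os.path.exists(path) else SAMPLE
    for row, label in flagged(listening_sockets(text)):
        print("port %d (%s label) on %s uid=%d pids=%s" % (
            row["port"], label, row["addr"], row["uid"], owner_pids(row["inode"])))
```

A port that an external scan shows open but that has no owning PID here, or does not appear in this listing at all, is a reason to run the chkrootkit scan mentioned above from trusted media.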