Or if you have strange ports on your own machine then try telneting to
them also and see what they give you.
I believe the Ramen worm does things with inetd.conf, but I don't think it
does what is being described. I agree, I think the box has been
compromised.
Have you monitored the traffic it might be sending out using tcpdump?
--
Howard.
____________________________________________________
LANNet Computing Associates <http://lannetlinux.com>
"...well, it worked before _you_ touched it!"
On Sun, 21 Jan 2001, Alan Lee wrote:
> Um
>
> Do a "netstat -l -n" and see what ports are open. (Mainly high ports, ie,
> 16000)
>
> If you see any weird ones, from an external machine, telnet to them and see
> what happens.
>
> I think your box may have been root'ed or something...
>
>
> Regards, Alan Lee
>
>
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: "Howard Lowndes" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Sunday, January 21, 2001 8:41 PM
> Subject: Re: [SLUG] inetd.conf query
>
>
> > No...just new entries in my inetd.conf file that I didn't put there
> >
> >
> >
> > --
> > SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> > More Info: http://slug.org.au/lists/listinfo/slug
> >
>
>
>
>
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
