RE: 31337

From: Rob Simmons (rsimmons@wlcg.com)
Date: 03/05/01


Date: Mon, 5 Mar 2001 14:49:04 -0500 (EST)
From: Rob Simmons <rsimmons@wlcg.com>
To: Jason DiCioccio <Jason.DiCioccio@Epylon.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

lsof is a Solaris utility. You want to use fstat in FreeBSD.

Robert Simmons
Systems Administrator
http://www.wlcg.com/

On Mon, 5 Mar 2001, Jason DiCioccio wrote:

> Again, unless you added a few users on your system and one of them
> decided to run an irc server without asking you, I'd check lsof and
> see exactly who's running this.. Try irc'ing to the port also and
> find out where it's linked to etc. That could be useful if you really
> were 0wned. :)
>
> Cheers,
> -JD-
>
>
> -------
> Jason DiCioccio
> Evil Genius
> Unix BOFH
>
> -----Original Message-----
> From: Dag-Erling Smorgrav [mailto:des@ofug.org]
> Sent: Monday, March 05, 2001 11:23 AM
> To: dce
> Cc: security@FreeBSD.ORG
> Subject: Re: 31337
>
>
> dce <dce@squish.org> writes:
> > I have noticed the following ports open on my FreeBSD 4.2-STABLE machine
> >
> > 31337/tcp open Elite
> > 6667/tcp open irc
>
> You're owned. Take your box off the net, take a backup, reinstall from
> trusted media (preferably original CD-ROMs from BSDI), transfer data
> (*no* executables, scripts or configuration files!) from backup. And
> get some security clue; the security(7) man page is a good place to
> start, though far from complete.
>
> DES
> --
> Dag-Erling Smorgrav - des@ofug.org
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
> ------------ Output from gpg ------------
> gpg: Signature made Mon Mar 5 14:27:59 2001 EST using DSA key ID A97A6C9A
> gpg: requesting key A97A6C9A from wwwkeys.us.pgp.net ...
> gpg: no valid OpenPGP data found.
> gpg: Total number processed: 0
> gpg: Can't check signature: public key not found
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE6o+21v8Bofna59hYRAsaEAKDFU8TJbML3jVZEnLtLjmaIEfabBQCeIWIJ
1IbLTRyMqIFRWZED7qwXOeU=
=TnIU
-----END PGP SIGNATURE-----
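
Added example, not part of the original thread: one way to answer "who is running this" with the fstat approach mentioned above. fstat(1) prints the protocol control block address of each TCP socket, which is the same address `netstat -A` shows, so the two outputs can be joined on it. The sample output, users, PIDs and addresses are constructed and the columns simplified; `port_owners` is a hypothetical helper name.

```sh
#!/bin/sh
# Added example: map listening TCP ports to owning processes by joining
# `netstat -Aan` and `fstat` output on the socket's PCB address.
# Sample text is CONSTRUCTED (made-up addresses, users, PIDs); on a live
# FreeBSD host pass "$(netstat -Aan)" and "$(fstat)" instead.

SAMPLE_NETSTAT='Active Internet connections (including servers)
Socket   Proto Recv-Q Send-Q  Local Address      Foreign Address    (state)
c0de1000 tcp4       0      0  *.31337            *.*                LISTEN
c0de2000 tcp4       0      0  *.6667             *.*                LISTEN
c0de3000 tcp4       0      0  *.22               *.*                LISTEN
c0de4000 tcp4       0      0  10.0.0.5.22        10.0.0.9.1023      ESTABLISHED'

SAMPLE_FSTAT='USER     CMD          PID   FD MOUNT      INUM MODE         SZ|DV R/W
root     sshd         101    3* internet stream tcp c0de3000
bob      ircd         4242   4* internet stream tcp c0de2000
bob      ircd         4242   5* internet stream tcp c0de1000
bob      ircd         4242   wd /home     1234 drwxr-xr-x     512  r'

# port_owners NETSTAT_TEXT FSTAT_TEXT PORT...
# Prints "port user command pid" for each requested port that is listening;
# prints "port ? ? ?" when no process in the fstat text holds that socket.
port_owners() {
    ns=$1; fs=$2; shift 2
    for port in "$@"; do
        # PCB address of the listener: local address ends in ".<port>"
        pcb=$(printf '%s\n' "$ns" | awk -v p="$port" '
            $NF == "LISTEN" && $1 ~ /^[0-9a-f]+$/ {
                n = split($5, a, "[.]"); if (a[n] == p) { print $1; exit }
            }')
        [ -n "$pcb" ] || continue      # not listening: nothing to report
        # Socket rows in fstat carry the same PCB address in the last field
        printf '%s\n' "$fs" | awk -v p="$port" -v pcb="$pcb" '
            $5 == "internet" && $NF == pcb { print p, $1, $2, $3; hit = 1 }
            END { if (!hit) print p, "?", "?", "?" }'
    done
}

port_owners "$SAMPLE_NETSTAT" "$SAMPLE_FSTAT" 31337 6667
```

A listening port that comes back as `? ? ?` has no owner visible to fstat, which is itself worth investigating. On a host suspected of compromise the installed netstat and fstat binaries may not be trustworthy, so run known-good copies from read-only media.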
