RE: 31337

From: Rob Simmons (rsimmons@wlcg.com)
Date: 03/05/01


Date: Mon, 5 Mar 2001 14:49:04 -0500 (EST)
From: Rob Simmons <rsimmons@wlcg.com>
To: Jason DiCioccio <Jason.DiCioccio@Epylon.com>



lsof is a Solaris utility. You want to use fstat in FreeBSD.

Robert Simmons
Systems Administrator
http://www.wlcg.com/

On Mon, 5 Mar 2001, Jason DiCioccio wrote:

> Again, unless you added a few users on your system and one of them
> decided to run an irc server without asking you, I'd check lsof and
> see exactly who's running this.. Try irc'ing to the port also and
> find out where it's linked to etc. That could be useful if you really
> were 0wned. :)
>
> Cheers,
> -JD-
>
>
> -------
> Jason DiCioccio
> Evil Genius
> Unix BOFH
>
> -----Original Message-----
> From: Dag-Erling Smorgrav [mailto:des@ofug.org]
> Sent: Monday, March 05, 2001 11:23 AM
> To: dce
> Cc: security@FreeBSD.ORG
> Subject: Re: 31337
>
>
> dce <dce@squish.org> writes:
> > I have noticed the following ports open on my FreeBSD 4.2-STABLE
> > machine
> >
> > 31337/tcp open Elite
> > 6667/tcp open irc
>
> You're owned. Take your box off the net, take a backup, reinstall
> from trusted media (preferably original CD-ROMs from BSDI), transfer
> data (*no* executables, scripts or configuration files!) from backup.
> And get some security clue; the security(7) man page is a good place
> to start, though far from complete.
>
> DES
> --
> Dag-Erling Smorgrav - des@ofug.org
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
> ------------ Output from gpg ------------
> gpg: Signature made Mon Mar 5 14:27:59 2001 EST using DSA key ID A97A6C9A
> gpg: requesting key A97A6C9A from wwwkeys.us.pgp.net ...
> gpg: no valid OpenPGP data found.
> gpg: Total number processed: 0
> gpg: Can't check signature: public key not found
>
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
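
The check suggested in the thread (finding out which user and process own the listeners on 31337 and 6667), as an added example that is not part of the original messages. It assumes lsof's default column layout; the sample output, the allowlist of expected ports and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: map listening TCP ports to the owning user, PID and command
# from `lsof -nP -iTCP` output, and report listeners outside an expected set.

# Constructed sample in lsof's default column layout (not from the thread).
sample_lsof() {
cat <<'EOF'
COMMAND  PID   USER   FD   TYPE DEVICE     SIZE/OFF NODE NAME
sshd     214   root    3u  IPv4 0xc1a2b000      0t0  TCP *:22 (LISTEN)
sendmail 301   root    4u  IPv4 0xc1a2c100      0t0  TCP *:25 (LISTEN)
ircd     4471  guest   5u  IPv4 0xc1a2d200      0t0  TCP *:6667 (LISTEN)
ircd     4471  guest   6u  IPv4 0xc1a2d300      0t0  TCP *:31337 (LISTEN)
sshd     5120  root    4u  IPv4 0xc1a2e400      0t0  TCP 10.0.0.5:22->10.0.0.9:51514 (ESTABLISHED)
EOF
}

# unexpected_listeners "22 25" < lsof-output
# Prints "port user pid command" for every LISTEN socket whose port is not in
# the space-separated allowlist passed as $1. Assumes command names without
# embedded spaces, which is what lsof prints by default.
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $NF != "(LISTEN)" { next }      # skips the header and non-listeners
        {
            port = $(NF - 1)            # NAME column, e.g. *:6667
            sub(/.*:/, "", port)        # keep what follows the last colon
            line = port " " $3 " " $2 " " $1
            if (!(port in ok) && !seen[line]++) print line
        }
    ' | sort -n
}

# On a live host the input would come from:  lsof -nP -iTCP
sample_lsof | unexpected_listeners "22 25"
```

The owning user and PID are the starting point for the follow-up the thread describes: deciding whether a local user started the service or the host was compromised.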