Re: is my linux box trojaned by Trinity ?
From: Khayman (khayman-nopigbottom@bigfoot.com)Date: 05/30/02
- Next message: svek: "Re: logging all bash input and output"
- Previous message: RainbowHat: "Re: logging all bash input and output"
- In reply to: Lone Droid: "is my linux box trojaned by Trinity ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Khayman" <khayman-nopigbottom@bigfoot.com> Date: Thu, 30 May 2002 09:38:27 GMT
"Lone Droid" <lonedroid@yahoo.fr> skrev i meddelandet
news:7a7e8f78.0205291213.5b52ea31@posting.google.com...
> hi all,
>
> I just set up a new linux client on my local network
> with some firewalling rules (using iptables)...
>
> After two days, i've seen two different IP being blocked
> because they tried to access port 33270 (some Linux DoS Tool
> called Trinity ?). Here's what my iptable rule logged :
>
[snipped]
> Those packets came while i was surfing.
>
> My guess is that while I am surfing with my linux client some
> compromised
> host sees that I have a linux client and tries to see if Trinity is
> installed on my comp, but the fact that i receive no "SYN" packet
> is making me nervous (I wonder if Trinity could be on my comp ?)
>
I see those quite often, especially when I traceroute some host - I don't
think you have too much to worry about....
(followed by 33271, 33272, etc)
Try to connect to any of those hosts at 33270 and I'm quite sure the
connection will fail...
Khay.
- Next message: svek: "Re: logging all bash input and output"
- Previous message: RainbowHat: "Re: logging all bash input and output"
- In reply to: Lone Droid: "is my linux box trojaned by Trinity ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
