Re: TCP 6006 and echo (port 7) Mandrake (possible new trojan?)
From: Wojtek Walczak (gminick@hacker.pl)
Date: 12/09/02
- Next message: Jon Portnoy: "Re: Really headache on antispam!"
- Previous message: Joshua Kuo: "Re: TCP 6006 and echo (port 7) Mandrake (possible new trojan?)"
- In reply to: Joshua Kuo: "TCP 6006 and echo (port 7) Mandrake (possible new trojan?)"
- Next in thread: Joshua Kuo: "Re: TCP 6006 and echo (port 7) Mandrake (possible new trojan?)"
- Reply: Joshua Kuo: "Re: TCP 6006 and echo (port 7) Mandrake (possible new trojan?)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Wojtek Walczak <gminick@hacker.pl> Date: Mon, 9 Dec 2002 16:56:25 +0000 (UTC)
Dnia Sun, 08 Dec 2002 13:58:49 -0800, Joshua Kuo napisał(a):
># telnet localhost 6006
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> SSH-1.5-OpenSSH-2.9.2
type
netstat -tupan
get a PID of that process, then do
ls -l /proc/PID/exe
and you'll find location of that server's binary.
Are you that person, who placed sshd binary in place you'll find out?
-- [ ] gminick (at) underground.org.pl http://gminick.linuxsecurity.pl/ [ ] [ "Po prostu lubie poranna samotnosc, bo wtedy kawa smakuje najlepiej." ]
- Next message: Jon Portnoy: "Re: Really headache on antispam!"
- Previous message: Joshua Kuo: "Re: TCP 6006 and echo (port 7) Mandrake (possible new trojan?)"
- In reply to: Joshua Kuo: "TCP 6006 and echo (port 7) Mandrake (possible new trojan?)"
- Next in thread: Joshua Kuo: "Re: TCP 6006 and echo (port 7) Mandrake (possible new trojan?)"
- Reply: Joshua Kuo: "Re: TCP 6006 and echo (port 7) Mandrake (possible new trojan?)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
