Re: Need help with LIDS..
From: Bill Marcum (bmarcum_at_iglou.com.urgent)
Date: 02/21/05
- Next message: tnozh_at_yahoo.com: "Re: highly secure live CD distro"
- Previous message: Bill Marcum: "Re: how to know last 10 login"
- In reply to: jsuthan: "Need help with LIDS.."
- Next in thread: jsuthan: "Re: Need help with LIDS.."
- Reply: jsuthan: "Re: Need help with LIDS.."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 21 Feb 2005 09:32:24 -0500
On Mon, 21 Feb 2005 21:08:15 +0800, jsuthan
<jsuthan@micronet.net> wrote:
> What does this mean, and why would every "TOP" issue portscanning...
>
> Feb 21 20:45:26 zues kernel: LIDS: top (dev 3:1 inode 17322) pid 4342
> ppid 4325 uid/gid (1000/104) on (pts/13) : Port scan detected:
> 202.153.120.154 scanned 14 closed ports including 0 ports < 1024)
>
Maybe someone has installed a port scanner and named it "top".

    find / -inum 17322 -print -exec md5sum {} \;

Compare the file size, date and md5sum with a known good copy of top.
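
Added example, not part of the original post: a shell sketch of the check suggested above, taking the inode from the LIDS log line, locating the file on one filesystem, and comparing it with a known good copy. The function names are hypothetical, and SAMPLE_LINE is the log line quoted in the thread joined back onto one line.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from LIDS or the post.

# The log line quoted in the thread, rejoined onto a single line.
SAMPLE_LINE='Feb 21 20:45:26 zues kernel: LIDS: top (dev 3:1 inode 17322) pid 4342 ppid 4325 uid/gid (1000/104) on (pts/13) : Port scan detected: 202.153.120.154 scanned 14 closed ports including 0 ports < 1024)'

# Print "major:minor inode" taken from the "(dev M:m inode N)" field.
# Prints nothing if the line does not carry that field.
lids_dev_inode() {
    printf '%s\n' "$1" |
        sed -n 's/.*(dev \([0-9][0-9]*:[0-9][0-9]*\) inode \([0-9][0-9]*\)).*/\1 \2/p'
}

# List regular files with the given inode under a root directory.
# -xdev keeps find on one filesystem: inode numbers are only unique per
# filesystem, so a search of / across all mounts can report unrelated
# files. Several hard links to the same inode are all listed.
find_by_inode() {   # usage: find_by_inode ROOT INODE
    find "$1" -xdev -inum "$2" -type f -print 2>/dev/null
}

# Compare a suspect file with a known good copy by size and md5sum.
# Prints MATCH and returns 0, or prints the differing values and returns 1.
compare_with_known_good() {   # usage: compare_with_known_good SUSPECT GOOD
    s_size=$(wc -c < "$1" | tr -d ' ')
    g_size=$(wc -c < "$2" | tr -d ' ')
    s_sum=$(md5sum < "$1" | cut -d' ' -f1)
    g_sum=$(md5sum < "$2" | cut -d' ' -f1)
    if [ "$s_size" = "$g_size" ] && [ "$s_sum" = "$g_sum" ]; then
        echo MATCH
        return 0
    fi
    echo "MISMATCH size=$s_size/$g_size md5=$s_sum/$g_sum"
    return 1
}

# Typical use (not run here, as it walks the whole root filesystem):
#   set -- $(lids_dev_inode "$SAMPLE_LINE")      # $1=3:1  $2=17322
#   for f in $(find_by_inode / "$2"); do
#       ls -ln "$f"                              # size and date
#       compare_with_known_good "$f" /path/to/known-good/top
#   done
```

On a host that may be compromised, run this with find, md5sum and the shell taken from trusted read-only media, since the installed copies may have been replaced as well.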