Re: Compromised Linux server!
- From: "Doug Holtz NOSPAM in adress" <dholtzNOSPAM@xxxxxxxxx>
- Date: Tue, 21 Mar 2006 13:59:33 GMT
"Tom" <tlarmon@xxxxxxxxx> wrote in message
I'll keep this anonymous, but check these out (note telnet):
[root@server cgi-bin]# nmap -v 10.2.2.21
Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-03-20
Initiating SYN Stealth Scan against host-10-2-2-21.domain.com
(10.2.2.21) [1663 ports] at 19:36
Discovered open port 23/tcp on 10.2.2.21
Discovered open port 443/tcp on 10.2.2.21
Discovered open port 80/tcp on 10.2.2.21
Discovered open port 22/tcp on 10.2.2.21
Discovered open port 25/tcp on 10.2.2.21
Discovered open port 139/tcp on 10.2.2.21
Discovered open port 802/tcp on 10.2.2.21
Discovered open port 917/tcp on 10.2.2.21
Discovered open port 81/tcp on 10.2.2.21
Discovered open port 111/tcp on 10.2.2.21
Discovered open port 6969/tcp on 10.2.2.21
The SYN Stealth Scan took 0.12s to scan 1663 total ports.
Host host-10-2-2-21.domain.com (10.2.2.21) appears to be up ... good.
Interesting ports on host-.domain.com (10.2.2.21):
(The 1652 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
80/tcp open http
81/tcp open hosts2-ns
111/tcp open rpcbind
139/tcp open netbios-ssn
443/tcp open https
802/tcp open unknown
917/tcp open unknown
6969/tcp open acmsoda
Nmap finished: 1 IP address (1 host up) scanned in 0.258 seconds
Raw packets sent: 1665 (66.6KB) | Rcvd: 3339 (134KB)
On 20 Mar 2006 16:23:57 -0800, "Tom" <tlarmon@xxxxxxxxx> wrote:
How should I port the sites over from backup when they are most likely
The system is compromised, as you may be too, depending on the content
you've been serving, and local laws.
Start clean, and I do mean zero then format OS partitions before
re-install, 'when in doubt, chuck it out'. Otherwise you get to
do all this over again next month.
Memory fault -- brain fried
Another 2 cents.
You did not describe the business this server performs. If it is a web
server for customers, build a new machine and copy the customer sites over.
Then exchange machines in off hours.
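An added example, not part of the original posts: a small Python check that reads the nmap port table quoted above and lists the open ports that fall outside an expected baseline. The baseline set (22, 25, 80, 443) and the function names are assumptions made for illustration; the thread does not say which services the server was meant to run.

```python
import re

# Constructed sample: the port table from the scan quoted in the thread.
SCAN = """\
PORT STATE SERVICE
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
80/tcp open http
81/tcp open hosts2-ns
111/tcp open rpcbind
139/tcp open netbios-ssn
443/tcp open https
802/tcp open unknown
917/tcp open unknown
6969/tcp open acmsoda
"""

# Assumption (not from the thread): services this web server should expose.
EXPECTED = {22, 25, 80, 443}
CLEARTEXT = {"telnet"}
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)$")

def parse_ports(text):
    """Return (port, proto, state, service) rows from nmap's port table."""
    rows = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows

def review(text, expected=EXPECTED):
    """Map each open port that needs a look to the reasons why."""
    # Without version detection, nmap's SERVICE column is a table lookup by
    # port number, so a name like "acmsoda" says nothing about the listener.
    findings = {}
    for port, _proto, state, service in parse_ports(text):
        if state != "open":
            continue
        reasons = []
        if port not in expected:
            reasons.append("not in baseline")
        if service in CLEARTEXT:
            reasons.append("cleartext login service")
        if service == "unknown":
            reasons.append("no registered service name")
        if reasons:
            findings[port] = reasons
    return findings
```
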