From owner-freebsd-security Thu Dec 13 9:42:59 2001 Delivered-To: freebsd-security@freebsd.org Received: from green.bikeshed.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 102A337B417; Thu, 13 Dec 2001 09:42:49 -0800 (PST) Received: from localhost (green@localhost) by green.bikeshed.org (8.11.6/8.11.6) with ESMTP id fBDHgho79388; Thu, 13 Dec 2001 12:42:48 -0500 (EST) (envelope-from green@green.bikeshed.org) Message-Id: <200112131742.fBDHgho79388@green.bikeshed.org> X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 To: "Ronan Lucio" Cc: freebsd-security@FreeBSD.ORG, "Mr. Chan" Subject: Re: Question about port 50000 In-Reply-To: Message from "Ronan Lucio" of "Thu, 13 Dec 2001 14:04:12 -0200." <058d01c183ef$ce77e1b0$2aa8a8c0@melim.com.br> From: "Brian F. Feldman" Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Date: Thu, 13 Dec 2001 12:42:43 -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org "Ronan Lucio" wrote: > > Hey, > > > > I installed FBSD 4.4 a few days ago and noticed a weird port that is > running.. > > > > tcp4 0 0 *.50000 *.* LI= STEN > > > > Now this is a brand new installation, so i doubt i got hacked/root > kitted.. > > > > When i telnet to it this is all i get: > > > > > telnet localhost 50000 > > Trying 127.0.0.1... > > Connected to localhost.cpu1058.adsl.bellglobal.com. > > Escape character is '^]'. > = > It=B4s really weird, > Openssh from FreeBSD-4.4 is vulnerable, do you have Openssh istalled? No, OpenSSH is vulnerable if you for some reason had enabled UseLogin. = There's no reason to have done that... -- = Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / green@FreeBSD.org `------------------------------' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message