Date: Mon, 5 Mar 2001 11:26:08 -0800 From: Jason DiCioccio <Jason.DiCioccio@Epylon.com> To: 'Dag-Erling Smorgrav' <des@ofug.org>, dce <dce@squish.org> Cc: security@FreeBSD.ORG Subject: RE: 31337 Message-ID: <657B20E93E93D4118F9700D0B73CE3EA0166D69D@goofy.epylon.lan>
next in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Again, unless you added a few users on your system and one of them decided to run an irc server without asking you, i'd check lsof and see exactly who's running this.. Try irc'ing to the port also and find out where it's linked to etc. That could be useful if you really were 0wned. :) Cheers, - -JD- - ------- Jason DiCioccio Evil Genius Unix BOFH - -----Original Message----- From: Dag-Erling Smorgrav [mailto:des@ofug.org] Sent: Monday, March 05, 2001 11:23 AM To: dce Cc: security@FreeBSD.ORG Subject: Re: 31337 dce <dce@squish.org> writes: > I have noticed the following ports open on my FreeBSD 4.2-STABLE > machine > > 31337/tcp open Elite > 6667/tcp open irc You're owned. Take your box off the net, take a backup, reinstall from trusted media (preferably original CD-ROMs from BSDI), transfer data (*no* executables, scripts or configuration files!) from backup. And get some security clue; the security(7) man page is a good place to start, though far from complete. DES - -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>; iQA/AwUBOqPov1CmU62pemyaEQI5xwCeJTWMkDr6xvL71IxpZa/CwfHE4RcAn2R3 kwE9EtpODaAYuNm3v3U9HJ+o =IpwS -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?657B20E93E93D4118F9700D0B73CE3EA0166D69D>