Date: Mon, 5 Mar 2001 12:09:19 -0800 From: Alfred Perlstein <bright@wintelcom.net> To: Evren Yurtesen <yurtesen@ispro.net.tr> Cc: Dag-Erling Smorgrav <des@ofug.org>, dce <dce@squish.org>, security@FreeBSD.ORG Subject: Re: 31337 Message-ID: <20010305120919.X8663@fw.wintelcom.net> In-Reply-To: <Pine.BSF.4.21.0103052135450.10197-100000@finland.ispro.net.tr>; from yurtesen@ispro.net.tr on Mon, Mar 05, 2001 at 09:36:36PM %2B0200 References: <xzp8zmkxboc.fsf@flood.ping.uio.no> <Pine.BSF.4.21.0103052135450.10197-100000@finland.ispro.net.tr>
next in thread | previous in thread | raw e-mail | index | archive | help
* Evren Yurtesen <yurtesen@ispro.net.tr> [010305 11:30] wrote: > cant it be a person who has a shell and execute some daemons etc ? like > ircd? > > why does he need to reinstall his system? Oh, and as far as why a complete reinstall is a good idea, iss because you have _no idea_ as to how far the person has gone to install back doors in the system, only a complete reinstall has a good chance of fixing them all. > > Evren > > > dce <dce@squish.org> writes: > > > I have noticed the following ports open on my FreeBSD 4.2-STABLE machine > > > > > > 31337/tcp open Elite > > > 6667/tcp open irc > > > > You're owned. Take your box off the net, take a backup, reinstall from > > trusted media (preferably original CD-ROMs from BSDI), transfer data > > (*no* executables, scripts or configuration files!) from backup. And > > get some security clue; the security(7) man page is a good place to > > start, though far from complete. > > > > DES > > -- > > Dag-Erling Smorgrav - des@ofug.org > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010305120919.X8663>