Date:      Mon, 5 Mar 2001 13:12:25 -0700 (MST)
From:      "David G. Andersen" <dga@pobox.com>
To:        bright@wintelcom.net (Alfred Perlstein)
Cc:        yurtesen@ispro.net.tr (Evren Yurtesen), des@ofug.org (Dag-Erling Smorgrav), dce@squish.org (dce), security@FreeBSD.ORG
Subject:   Re: 31337
Message-ID:  <200103052012.NAA11367@faith.cs.utah.edu>
In-Reply-To: <20010305120825.W8663@fw.wintelcom.net> from "Alfred Perlstein" at Mar 05, 2001 12:08:25 PM

That's not correct.  Nmap has the "Elite" service name built in to
its nmap-services file.  Mostly because of the obvious 5kr1p7 k11d13
name mapping.  His /etc/services is probably just fine.

   -Dave

Lo and behold, Alfred Perlstein once said:
> 
> * Evren Yurtesen <yurtesen@ispro.net.tr> [010305 11:30] wrote:
> > can't it be a person who has a shell and executes some daemons etc.? like
> > ircd?
> > 
> > why does he need to reinstall his system?
> 
> Because if the box is reporting port 31337 as the 'elite' service
> it means someone most likely has modified /etc/services which
> indicates that they have attained elevated privs somehow.
> 
> 
> > 
> > Evren
> > 
> > > dce <dce@squish.org> writes:
> > > > I have noticed the following ports open on my FreeBSD 4.2-STABLE machine
> > > > 
> > > > 31337/tcp  open        Elite
> > > > 6667/tcp   open        irc
> > > 
> > > You're owned. Take your box off the net, take a backup, reinstall from
> > > trusted media (preferably original CD-ROMs from BSDI), transfer data
> > > (*no* executables, scripts or configuration files!) from backup. And
> > > get some security clue; the security(7) man page is a good place to
> > > start, though far from complete.
> > > 
> > > DES
> > > -- 
> > > Dag-Erling Smorgrav - des@ofug.org
> > > 
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-security" in the body of the message
> > > 
> > 
> > 
> 
> -- 
> -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
> 
> 


-- 
work: dga@lcs.mit.edu                          me:  dga@pobox.com
      MIT Laboratory for Computer Science           http://www.angio.net/
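
An added illustration of the point made in the message above (not part of the original e-mail and not Nmap's own code): a scanner takes its service labels from its own port-to-name table, so the label it prints is independent of the target's /etc/services. The two file excerpts are constructed samples in services(5) layout, and the function names are hypothetical.

```python
import re

# Constructed excerpts for illustration; not copied from any real system.
SCANNER_TABLE = """\
# scanner-side table in the style of nmap-services
irc     6667/tcp    # Internet Relay Chat
Elite   31337/tcp   # the label the message says Nmap ships with
"""
TARGET_ETC_SERVICES = """\
# /etc/services on the scanned host, unmodified
ircd    6667/tcp   irc    # Internet Relay Chat
smtp    25/tcp     mail
"""

# services(5) layout: name  port/proto  [aliases...]  [# comment]
LINE = re.compile(r"^(\S+)\s+(\d+)/(tcp|udp)\b(.*)$")

def parse_services(text):
    """Return {(port, proto): [name, alias, ...]} from services(5)-style text."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        m = LINE.match(line)
        if not m:
            continue                          # skip empty or malformed lines
        name, port, proto, rest = m.groups()
        table.setdefault((int(port), proto), []).extend([name] + rest.split())
    return table

def label_open_ports(open_ports, scanner_table):
    """Label ports the way a scanner does: from its own table only."""
    return {p: scanner_table.get(p, ["unknown"])[0] for p in open_ports}

def explain(open_ports, scanner_text, target_text):
    """Rows of (port, scanner's label, names in the target's file or None)."""
    scanner = parse_services(scanner_text)
    target = parse_services(target_text)
    labels = label_open_ports(open_ports, scanner)
    return [(p, labels[p], target.get(p)) for p in open_ports]

if __name__ == "__main__":
    for port, label, on_target in explain([(31337, "tcp"), (6667, "tcp")],
                                          SCANNER_TABLE, TARGET_ETC_SERVICES):
        print(port, label, "target /etc/services:", on_target)
```

The 31337/tcp row carries the scanner's label while the target's file has no entry for that port, which is the situation the message describes.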
