Date: Mon, 5 Mar 2001 16:17:21 -0600 (CST) From: Chris Byrnes <chris@jeah.net> To: Rob Simmons <rsimmons@wlcg.com> Cc: Jason DiCioccio <Jason.DiCioccio@Epylon.com>, "'Dag-Erling Smorgrav'" <des@ofug.org>, dce <dce@squish.org>, <security@FreeBSD.ORG> Subject: RE: 31337 Message-ID: <Pine.BSF.4.33.0103051617150.45434-100000@awww.jeah.net> In-Reply-To: <Pine.BSF.4.33.0103051448120.84669-100000@mail.wlcg.com>
next in thread | previous in thread | raw e-mail | index | archive | help
HEH. lsof is in FreeBSD, too. + Chris Byrnes, chris@JEAH.net + JEAH Communications + 1-866-AWW-JEAH (Toll-Free) On Mon, 5 Mar 2001, Rob Simmons wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > lsof is a solaris utility. You want to use fstat in FreeBSD. > > Robert Simmons > Systems Administrator > http://www.wlcg.com/ > > On Mon, 5 Mar 2001, Jason DiCioccio wrote: > > > Again, unless you added a few users on your system and one of them > > decided to run an irc server without asking you, i'd check lsof and > > see exactly who's running this.. Try irc'ing to the port also and > > find out where it's linked to etc. That could be useful if you really > > were 0wned. :) > > > > Cheers, > > -JD- > > > > > > ------- > > Jason DiCioccio > > Evil Genius > > Unix BOFH > > > > -----Original Message----- > > From: Dag-Erling Smorgrav [mailto:des@ofug.org] > > Sent: Monday, March 05, 2001 11:23 AM > > To: dce > > Cc: security@FreeBSD.ORG > > Subject: Re: 31337 > > > > > > dce <dce@squish.org> writes: > > > I have noticed the following ports open on my FreeBSD 4.2-STABLE > > > machine > > > > > > 31337/tcp open Elite > > > 6667/tcp open irc > > > > You're owned. Take your box off the net, take a backup, reinstall > > from > > trusted media (preferably original CD-ROMs from BSDI), transfer data > > (*no* executables, scripts or configuration files!) from backup. And > > get some security clue; the security(7) man page is a good place to > > start, though far from complete. > > > > DES > > -- > > Dag-Erling Smorgrav - des@ofug.org > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > ------------ Output from gpg ------------ > > gpg: Signature made Mon Mar 5 14:27:59 2001 EST using DSA key ID A97A6C9A > > gpg: requesting key A97A6C9A from wwwkeys.us.pgp.net ... > > gpg: no valid OpenPGP data found. > > gpg: Total number processed: 0 > > gpg: Can't check signature: public key not found > > > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.4 (FreeBSD) > Comment: For info see http://www.gnupg.org > > iD8DBQE6o+21v8Bofna59hYRAsaEAKDFU8TJbML3jVZEnLtLjmaIEfabBQCeIWIJ > 1IbLTRyMqIFRWZED7qwXOeU= > =TnIU > -----END PGP SIGNATURE----- > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.33.0103051617150.45434-100000>