Date: Wed, 13 Dec 2000 17:42:49 +0100 From: Szilveszter Adam <sziszi@petra.hos.u-szeged.hu> To: freebsd-security@FreeBSD.ORG Subject: Re: 911 lockdown! Message-ID: <20001213174249.L24233@petra.hos.u-szeged.hu> In-Reply-To: <xzpn1e0l1ss.fsf@flood.ping.uio.no>; from des@ofug.org on Wed, Dec 13, 2000 at 05:32:35PM %2B0100 References: <Pine.BSF.4.21.0012131048420.489-100000@www.freebsdbox.com> <xzpn1e0l1ss.fsf@flood.ping.uio.no>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello! On Wed, Dec 13, 2000 at 05:32:35PM +0100, Dag-Erling Smorgrav wrote: > > 587/tcp open submission > > This is probably a back door the intruder left behind. Use sockstat(1) > to determine which process owns the socket, and kill it (and make sure > it doesn't restart when you reboot) > Uhm, if he is running sendmail (a recent version,) than it may be just that: sendmail now runs on two ports, 25 and 587 unless configured otherwise. OTB it will listen on both ports. Esp since he said that telnetting to this port starts up a sendmail which is expected behaviour. -- Regards: Szilveszter ADAM Szeged University Szeged Hungary To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001213174249.L24233>