From: "Travis [Admin Team]"
To: dce
Cc: security@FreeBSD.ORG
Date: Mon, 5 Mar 2001 11:13:46 -0700 (MST)
Subject: Re: 31337

On Mon, 5 Mar 2001, dce wrote:

> I have noticed the following ports open on my FreeBSD 4.2-STABLE machine
>
> 31337/tcp open Elite
> 6667/tcp open irc
>
> I have also noticed these open after CVSuping from 4.0-RELEASE to
> 4.2-STABLE... Is this normal? Has a rootkit been installed? Any
> information provided is greatly appreciated.

31337 is the ol Back Orifice remote administration tool - they are just
probing - silly kiddiez.

Travis

Travis Ogden
RapidNet Admin Team