From owner-freebsd-security Mon Mar 5 10:41:36 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.epylon.com (sf-gw.epylon.com [63.93.9.98]) by hub.freebsd.org (Postfix) with ESMTP id 7CADC37B71B for ; Mon, 5 Mar 2001 10:41:32 -0800 (PST) (envelope-from Jason.DiCioccio@Epylon.com) Received: by goofy.epylon.lan with Internet Mail Service (5.5.2653.19) id ; Mon, 5 Mar 2001 10:41:31 -0800 Message-ID: <657B20E93E93D4118F9700D0B73CE3EA0166D69A@goofy.epylon.lan> From: Jason DiCioccio To: 'Chris Faulhaber' , dce Cc: security@FreeBSD.ORG Subject: RE: 31337 Date: Mon, 5 Mar 2001 10:41:26 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C0A5A3.E2435650" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_000_01C0A5A3.E2435650 Content-Type: text/plain; charset="iso-8859-1" -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 heh, looks like an irc server to me. Try going to it with an IRC client. People running ircds do tend to use port 31337 as well. Cheers, - -JD- - ------- Jason DiCioccio Evil Genius Unix BOFH - -----Original Message----- From: Chris Faulhaber [mailto:jedgar@fxp.org] Sent: Monday, March 05, 2001 10:15 AM To: dce Cc: security@FreeBSD.ORG Subject: Re: 31337 On Mon, Mar 05, 2001 at 10:20:11AM -0800, dce wrote: > Hello, > > I have noticed the following ports open on my FreeBSD 4.2-STABLE > machine > > 31337/tcp open Elite > 6667/tcp open irc > > > I have also noticed these open after CVSuping from 4.0-RELEASE to > 4.2-STABLE... Is this normal? Has a rootkit been installed? Any > information provided is greatly appreciated. First step would be to find out what programs have the above ports open (hint: use sockstat)... - -- Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org - -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use iQA/AwUBOqPeRFCmU62pemyaEQI3fwCgpaagO7T/oqKIqOxFjIwRVZBLNr0AoK1x KqUhA1cezzlctgz6K6xASmSI =k7k3 -----END PGP SIGNATURE-----  ------_=_NextPart_000_01C0A5A3.E2435650 Content-Type: application/octet-stream; name="Jason DiCioccio.vcf" Content-Disposition: attachment; filename="Jason DiCioccio.vcf" BEGIN:VCARD VERSION:2.1 N:DiCioccio;Jason FN:Jason DiCioccio ORG:epylon.com;operations TITLE:UNIX ADMIN ADR;WORK:;;645 Harrison St;San Francisco;CA;94107;usa LABEL;WORK;ENCODING=QUOTED-PRINTABLE:645 Harrison St=0D=0ASan Francisco, CA 94107=0D=0Ausa EMAIL;PREF;INTERNET:Jason.DiCioccio@Epylon.com REV:19990105T135529Z END:VCARD ------_=_NextPart_000_01C0A5A3.E2435650-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message