From: Jason DiCioccio
To: 'Dag-Erling Smorgrav', dce
Cc: security@FreeBSD.ORG
Subject: RE: 31337
Date: Mon, 5 Mar 2001 11:26:08 -0800
Message-ID: <657B20E93E93D4118F9700D0B73CE3EA0166D69D@goofy.epylon.lan>

Again, unless you added a few users on your system and one of them
decided to run an irc server without asking you, I'd check lsof and see
exactly who's running this.. Try irc'ing to the port also and find out
where it's linked to etc. That could be useful if you really were
0wned. :)

Cheers,
-JD-

-------
Jason DiCioccio
Evil Genius
Unix BOFH

-----Original Message-----
From: Dag-Erling Smorgrav [mailto:des@ofug.org]
Sent: Monday, March 05, 2001 11:23 AM
To: dce
Cc: security@FreeBSD.ORG
Subject: Re: 31337

dce writes:
> I have noticed the following ports open on my FreeBSD 4.2-STABLE
> machine
>
> 31337/tcp open Elite
> 6667/tcp open irc

You're owned. Take your box off the net, take a backup, reinstall
from trusted media (preferably original CD-ROMs from BSDI), transfer
data (*no* executables, scripts or configuration files!) from backup.
And get some security clue; the security(7) man page is a good place
to start, though far from complete.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org
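
The lsof check suggested in the reply above, as an added example that is not part of either message: it reads lsof's script-oriented `-F` output and reports which user, PID and command own the listeners on the two ports from the report. The function names, the sample records and every PID, user and command in them are constructed for illustration.

```shell
#!/bin/sh
# Added example: map watched TCP ports to their owning process using
# lsof's field output (-F), which is meant for parsing by scripts.

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN -F pcLn` output.
# PIDs, user names and command names are made up.
sample_lsof() {
cat <<'EOF'
p312
csshd
Lroot
f4
n*:22
p4711
circd
Ljdoe
f5
n*:6667
p4720
cxyzd
Ljdoe
f3
n*:31337
EOF
}

# Read lsof -F records on stdin and print "port user pid command" for
# every listener whose port is in the space-separated list given as $1.
owners_of_ports() {
    awk -v watch="$1" '
        BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        /^p/ { pid = substr($0, 2); cmd = "?"; user = "?" }  # new process record
        /^c/ { cmd = substr($0, 2) }                         # command name
        /^L/ { user = substr($0, 2) }                        # login name
        /^n/ {
            port = $0
            sub(/^.*:/, "", port)   # keep what follows the last colon
            if (port in want) print port, user, pid, cmd
        }
    '
}

# Live use (as root, so that sockets of all users are visible):
#   lsof -nP -iTCP -sTCP:LISTEN -F pcLn | owners_of_ports "6667 31337"
if [ "${1:-}" = "--demo" ]; then sample_lsof | owners_of_ports "6667 31337"; fi
```

On a host that may already be compromised, the result is only as trustworthy as the lsof binary and kernel producing it, so run a known-good copy from read-only media where possible.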