From owner-freebsd-security Mon Mar 5 11:50:32 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.wlcg.com (mail.wlcg.com [207.226.17.4])
	by hub.freebsd.org (Postfix) with ESMTP id EC5CE37B71B
	for ; Mon, 5 Mar 2001 11:50:24 -0800 (PST)
	(envelope-from rsimmons@wlcg.com)
Received: from localhost (rsimmons@localhost)
	by mail.wlcg.com (8.11.2/8.11.2) with ESMTP id f25Jn9B02021;
	Mon, 5 Mar 2001 14:49:09 -0500 (EST)
	(envelope-from rsimmons@wlcg.com)
Date: Mon, 5 Mar 2001 14:49:04 -0500 (EST)
From: Rob Simmons
To: Jason DiCioccio
Cc: "'Dag-Erling Smorgrav'" , dce ,
Subject: RE: 31337
In-Reply-To: <657B20E93E93D4118F9700D0B73CE3EA0166D69D@goofy.epylon.lan>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

lsof is a Solaris utility.  You want to use fstat in FreeBSD.

Robert Simmons
Systems Administrator
http://www.wlcg.com/

On Mon, 5 Mar 2001, Jason DiCioccio wrote:

> Again, unless you added a few users on your system and one of them
> decided to run an irc server without asking you, I'd check lsof and
> see exactly who's running this..  Try irc'ing to the port also and
> find out where it's linked to etc.  That could be useful if you really
> were 0wned. :)
>
> Cheers,
> -JD-
>
>
> -------
> Jason DiCioccio
> Evil Genius
> Unix BOFH
>
> -----Original Message-----
> From: Dag-Erling Smorgrav [mailto:des@ofug.org]
> Sent: Monday, March 05, 2001 11:23 AM
> To: dce
> Cc: security@FreeBSD.ORG
> Subject: Re: 31337
>
>
> dce writes:
> > I have noticed the following ports open on my FreeBSD 4.2-STABLE
> > machine
> >
> > 31337/tcp open Elite
> > 6667/tcp open irc
>
> You're owned.  Take your box off the net, take a backup, reinstall
> from trusted media (preferably original CD-ROMs from BSDI), transfer
> data (*no* executables, scripts or configuration files!) from backup.
> And get some security clue; the security(7) man page is a good place
> to start, though far from complete.
>
> DES
> --
> Dag-Erling Smorgrav - des@ofug.org
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
> ------------ Output from gpg ------------
> gpg: Signature made Mon Mar 5 14:27:59 2001 EST using DSA key ID A97A6C9A
> gpg: requesting key A97A6C9A from wwwkeys.us.pgp.net ...
> gpg: no valid OpenPGP data found.
> gpg: Total number processed: 0
> gpg: Can't check signature: public key not found
>
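
The check suggested in the thread (find out which user and process own the listening ports), as an added example that is not part of the original messages. It assumes `lsof` is installed and was run as `lsof -nP -iTCP`; the sample output, the `a.out` and `ircd` process entries, the user `bob` and the allowlist are constructed for illustration, and `fstat` output is not handled.

```python
"""Attribute listening TCP ports to their owning user and process."""
from typing import NamedTuple

# Constructed sample of `lsof -nP -iTCP` output, not captured from a real host.
SAMPLE_LSOF = """\
COMMAND  PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
sshd     187 root    3u  IPv4 0xc5ddcf00      0t0  TCP *:22 (LISTEN)
sendmail 201 root    4u  IPv4 0xc5ddd100      0t0  TCP *:25 (LISTEN)
ircd    4242 bob     4u  IPv4 0xc5dde200      0t0  TCP *:6667 (LISTEN)
ircd    4242 bob     7u  IPv4 0xc5dde400      0t0  TCP 192.0.2.10:6667->198.51.100.7:1033 (ESTABLISHED)
a.out   4250 bob     3u  IPv4 0xc5dde600      0t0  TCP *:31337 (LISTEN)
"""

# Assumption: the only services this host is meant to offer (ssh, smtp).
EXPECTED_PORTS = {22, 25}

class Listener(NamedTuple):
    port: int
    user: str
    command: str
    pid: int

def parse_listeners(lsof_text):
    """Return one Listener per distinct socket in LISTEN state, sorted by port."""
    found = set()
    for line in lsof_text.splitlines():
        fields = line.split()
        # Listening sockets end with "... TCP <addr>:<port> (LISTEN)".
        if len(fields) < 5 or fields[-1] != "(LISTEN)":
            continue
        port_text = fields[-2].rsplit(":", 1)[-1]
        if not (port_text.isdigit() and fields[1].isdigit()):
            continue  # service name instead of a number, or a malformed line
        found.add(Listener(int(port_text), fields[2], fields[0], int(fields[1])))
    return sorted(found)

def unexpected_listeners(lsof_text, expected=EXPECTED_PORTS):
    """Listeners on ports the administrator did not plan for."""
    return [l for l in parse_listeners(lsof_text) if l.port not in expected]

if __name__ == "__main__":
    for l in unexpected_listeners(SAMPLE_LSOF):
        print(f"{l.port}/tcp owned by {l.user} ({l.command}, pid {l.pid})")
```

On a host that is already suspected of compromise the local `lsof` binary and kernel may themselves be altered, so a clean result from this check does not clear the machine.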