Date: Tue, 5 Feb 2002 22:24:24 -0200 (BRST)
From: Paulo Fragoso <paulo@nlink.com.br>
To: <freebsd-security@freebsd.org>
Subject: Auditing
Message-ID: <20020212021156.2632B9EFBE@okeeffe.bestweb.net>

Hi,

We have a client who was using 4.2-RELEASE with telnetd enabled. On that machine an ircd was running, installed and started by a hacker, probably by exploiting the telnetd hole.

We have installed 4.5-RELEASE using another HD, with log_in_vain="YES" in the rc.conf. Some time after that upgrade, someone tried to connect to this machine:

    Connection attempt to UDP mmm.mmm.mmm.mmm:22 from hhh.hhh.hhh.hhh:1384

How can we find in the old system all the mechanisms used to remotely enable the ircd or a backdoor? Is there any rootkit which has a backdoor at UDP port 22?

Paulo.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message