Date: Mon, 5 Mar 2001 17:24:23 -0500 (EST) From: "Jonathan M. Slivko" <jslivko@datasyrge.net> To: Chris Byrnes <chris@jeah.net> Cc: dce <dce@squish.org>, security@FreeBSD.ORG Subject: RE: 31337 Message-ID: <Pine.LNX.4.21.0103051721220.13795-100000@equinox.datasyrge.net> In-Reply-To: <Pine.BSF.4.33.0103051612380.45434-100000@awww.jeah.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I would just like to add that there is a port in the current ports collection which is called boserver which *emulates* a basic BO server and runs on port 31137, etc. However, while this may not be the case, I would just like to point out that someone other than dce may have installed the port, assuming that someone else has root access on the machine besides himself. However, if thats not the case and he didn't install the port himself, i'm not sure. However, I would be very cautious with the machine from now on, just in case it was comprimised, untill some kind of real viable proof is shown in this case. Just my 2 cents. -- Jonathan M. Slivko On Mon, 5 Mar 2001, Chris Byrnes wrote: > Heh, an IRCD is running on the machine, EliteIRCD. > > > + Chris Byrnes, chris@JEAH.net > + JEAH Communications > + 1-866-AWW-JEAH (Toll-Free) > > > On Mon, 5 Mar 2001, dce wrote: > > > Hello, > > > > I have noticed the following ports open on my FreeBSD 4.2-STABLE machine > > > > 31337/tcp open Elite > > 6667/tcp open irc > > > > > > I have also noticed these open after CVSuping from 4.0-RELEASE to > > 4.2-STABLE... Is this normal? Has a rootkit been installed? Any > > information provided is greatly appreciated. > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > -- |~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| | Jonathan M. Slivko <jslivko@datasyrge.net> | | Global IRC Operator, AsylumNet IRC Networks | | Webpage: http://jslivko.datasyrge.net/ | | | |"Microsoft, is that some kind of toilet paper? | |"FreeeBSD: The Power to Serve -- www.freebsd.org" | |~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.21.0103051721220.13795-100000>