From: "Peter C. Lai"
To: "Chris Byrnes", "Rob Simmons"
Cc: "Jason DiCioccio", "'Dag-Erling Smorgrav'", "dce"
Subject: Re: 31337
Date: Mon, 5 Mar 2001 17:30:36 -0500

[cowbert@huskyhype]:/usr/home/cowbert/dnetc$ locate lsof
/usr/ports/sysutils/lsof

as previously stated you can find it in the ports collection.

----- Original Message -----
From: "Chris Byrnes"
To: "Rob Simmons"
Cc: "Jason DiCioccio"; "'Dag-Erling Smorgrav'"; "dce"
Sent: Monday, March 05, 2001 5:17 PM
Subject: RE: 31337

> HEH. lsof is in FreeBSD, too.
>
> + Chris Byrnes, chris@JEAH.net
> + JEAH Communications
> + 1-866-AWW-JEAH (Toll-Free)
>
> On Mon, 5 Mar 2001, Rob Simmons wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > lsof is a solaris utility. You want to use fstat in FreeBSD.
> >
> > Robert Simmons
> > Systems Administrator
> > http://www.wlcg.com/
> >
> > On Mon, 5 Mar 2001, Jason DiCioccio wrote:
> >
> > > Again, unless you added a few users on your system and one of them
> > > decided to run an irc server without asking you, i'd check lsof and
> > > see exactly who's running this.. Try irc'ing to the port also and
> > > find out where it's linked to etc. That could be useful if you really
> > > were 0wned. :)
> > >
> > > Cheers,
> > > -JD-
> > >
> > > -------
> > > Jason DiCioccio
> > > Evil Genius
> > > Unix BOFH
> > >
> > > -----Original Message-----
> > > From: Dag-Erling Smorgrav [mailto:des@ofug.org]
> > > Sent: Monday, March 05, 2001 11:23 AM
> > > To: dce
> > > Cc: security@FreeBSD.ORG
> > > Subject: Re: 31337
> > >
> > > dce writes:
> > > > I have noticed the following ports open on my FreeBSD 4.2-STABLE
> > > > machine
> > > >
> > > > 31337/tcp open Elite
> > > > 6667/tcp open irc
> > >
> > > You're owned. Take your box off the net, take a backup, reinstall
> > > from trusted media (preferably original CD-ROMs from BSDI), transfer
> > > data (*no* executables, scripts or configuration files!) from backup.
> > > And get some security clue; the security(7) man page is a good place
> > > to start, though far from complete.
> > >
> > > DES
> > > --
> > > Dag-Erling Smorgrav - des@ofug.org
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-security" in the body of the message
> > >
> > > ------------ Output from gpg ------------
> > > gpg: Signature made Mon Mar 5 14:27:59 2001 EST using DSA key ID A97A6C9A
> > > gpg: requesting key A97A6C9A from wwwkeys.us.pgp.net ...
> > > gpg: no valid OpenPGP data found.
> > > gpg: Total number processed: 0
> > > gpg: Can't check signature: public key not found
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.0.4 (FreeBSD)
> > Comment: For info see http://www.gnupg.org
> >
> > iD8DBQE6o+21v8Bofna59hYRAsaEAKDFU8TJbML3jVZEnLtLjmaIEfabBQCeIWIJ
> > 1IbLTRyMqIFRWZED7qwXOeU=
> > =TnIU
> > -----END PGP SIGNATURE-----
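
The check discussed in this thread (using lsof to see who owns the listeners on 31337 and 6667), sketched as an added example that is not part of any message in the thread. It assumes the column layout printed by `lsof -nP -iTCP -sTCP:LISTEN`; the sample lines and the function names are constructed for illustration. On a host that may already be compromised the installed binaries can be replaced, so treat live output as a lead rather than proof.

```shell
#!/bin/sh
# Added example: map suspicious listening ports to the owning user, command, PID.
# Input is the text printed by `lsof -nP -iTCP -sTCP:LISTEN`
# (columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME).

# Constructed sample output, not taken from the thread.
sample_lsof() {
cat <<'EOF'
COMMAND   PID   USER   FD  TYPE     DEVICE SIZE/OFF NODE NAME
sshd      142   root   3u  IPv4 0xc1a2b000      0t0  TCP *:22 (LISTEN)
ircd     8841 nobody   5u  IPv4 0xc1a2b3c0      0t0  TCP *:6667 (LISTEN)
ircd     8841 nobody   6u  IPv4 0xc1a2b780      0t0  TCP 192.0.2.10:31337 (LISTEN)
sendmail  160   root   4u  IPv4 0xc1a2ba40      0t0  TCP *:25 (LISTEN)
EOF
}

# owners_of_ports "31337 6667" < lsof-output
# Prints one "port user command pid" line per matching listener, sorted by port.
owners_of_ports() {
    awk -v ports="$1" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) want[p[i]] = 1
        }
        NR == 1 { next }               # skip the header row
        $NF == "(LISTEN)" {
            port = $(NF - 1)           # NAME column, e.g. "*:6667"
            sub(/^.*:/, "", port)      # keep only the text after the last colon
            if (port in want) print port, $3, $1, $2
        }' | sort -n
}

# Live use on a running system:
#   lsof -nP -iTCP -sTCP:LISTEN | owners_of_ports "31337 6667"
```
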