Jaime wrote:
        FWIW, I think that I found the problem.  With the help of our ISP,
we've found that one of my servers has been dumping so many packets out to
the Internet that our router was dropping packets.  I've unplugged it at
this point and we do not have the same symptoms at this time.

        The clues to a crack are evident, too.  A process "/usr/sbin/nscd"
is running on the box according to top and ps, but the file does not
exist.  Furthermore, I never told such a process to execute.  Shortly
after a reboot, a netstat command showed a connection to 37303 on a remote
host.  I was the only person logged in and I did not initiate that
connection.

        Obviously, I'll be taking steps to find the crack and remove it.
:)  If anyone wants to suggest something to check, I'd appreciate it.

I found a web page that claims that nscd is a Debian program called "name service cache daemon". (Cache only DNS server?) So if it's connecting to any port other than DNS, it's probably a trojan pretending to be nscd.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
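
The symptom described in this thread (ps showing "/usr/sbin/nscd" while no such file exists on disk) can be checked for across the whole process list. The script below is an added example, not part of the original messages; the function names and the sample process list are constructed for illustration.

```shell
#!/bin/sh
# Flag processes whose claimed executable path does not exist on disk.
# Input: lines of "PID COMMAND [ARGS...]", e.g. from FreeBSD `ps -axo pid,command`.
# Only absolute paths are checked. A process can rewrite its own argv[0], so a
# hit is a lead to investigate, not proof of compromise. On FreeBSD,
# `procstat -b PID` shows the binary path the kernel recorded, for comparison.

missing_binaries() {
    while read -r pid cmd _rest; do
        case "$cmd" in
            /*)
                # Absolute path claimed by the process: verify it on disk.
                [ -e "$cmd" ] || printf '%s %s\n' "$pid" "$cmd"
                ;;
        esac
    done
}

# Constructed sample in the same layout as the ps output. The header line,
# the bracketed kernel thread and the retitled sshd line are skipped because
# their command field is not an absolute path.
sample_ps() {
    cat <<'EOF'
  PID COMMAND
    1 /bin/sh
  412 /nonexistent-example/sbin/nscd
  519 [kernel-thread]
  733 sshd: user@pts/0
EOF
}

# Demo on the constructed sample; prints "412 /nonexistent-example/sbin/nscd".
sample_ps | missing_binaries

# On a live system:
#   ps -axo pid,command | missing_binaries
```

On a host already suspected of compromise, ps itself may have been replaced, so treat a clean result from the installed tools with caution.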
