On Tuesday, June 17, 2003, at 09:36 PM, Bill Moran wrote:
I found a web page that claims that nscd is a Debian program called
"name service cache daemon". (Cache only DNS server?) So if it's connecting
to any port other than DNS, it's probably a trojan pretending to be nscd.

I think that I found the same page. I agree with your assessment. The IP address that it is attempting to connect to is not found via traceroute and is registered to what appears to be a Russian ISP. How odd....

I'll be grabbing new source code and recompiling everything tomorrow. The box was running 4.7-Stable anyway. :) The troubling part is that the process claims to be /usr/sbin/nscd, but that file doesn't exist. I'll have to see how they did that with lsof, mergemaster, etc.


[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to