>     monitor> hello all.  I have observed that there is a trojan called
>     monitor> The Thing using port number 6000 on one of the linux
>     monitor> machines. Can anyone give me the removal instructions
>     monitor> and how to block desired ports on linux. I'm running rhl
>     monitor> 7.2 smp.
>
> If it's port 6000/tcp, then it should be your X server.
LOL...
I suppose the original poster used a port scanner to scan for externally
accessible trojans. Don't use a port scanner to find out trojans. Most
trojans use well known ports anyway, so you will not be able to catch them
with a port scanner. A better approach would be to use a trojan scanner that
does a process scan and tries to find out infected processes. IMHO most
Linux trojans are root shells that provide a root shell terminal to anyone
who telnets to that port, so you can check that out too.

One way to ensure that you are ahead of the worm/buffer overflow exploits
is to not use the stock precompiled binaries that come with your distro. For
every app running as a server and accessible remotely, make sure that it is
recompiled with some changes. This will ensure that most of the common worms
and exploits used by script kiddies are defeated. If you use Red Hat Linux,
then consider recompiling your distro for the target cpu that you are using,
and probably with some config options that are different from the stock
compile. Don't do this if you don't know what I am talking about here. Or
probably use Gentoo Linux in your production machines!

Ambar
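
Added example, not part of the original message: checking from the host itself which process owns a listening port such as 6000/tcp, instead of inferring it from a remote port scan. It parses the Linux `/proc/net/tcp` format and joins socket inodes to processes; the sample table, the function names and the owner path used in testing are constructed for illustration.

```python
"""Map listening TCP ports to their owning processes using Linux /proc data."""
import os
import re

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4211 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 3950 1 0000000000000000 100 0 0 10 0
   2: 0A00000A:0016 0A000014:C3A2 01 00000000:00000000 02:000A1B2C 00000000     0        0 5120 2 0000000000000000 20 4 30 10 -1
"""

def parse_listeners(text):
    """Return [(ip, port, inode)] for sockets in LISTEN state (st == 0A)."""
    out = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != "0A":
            continue
        hex_ip, hex_port = f[1].split(":")
        # The IPv4 address is hex in host byte order (little-endian on x86).
        ip = ".".join(str(b) for b in reversed(bytes.fromhex(hex_ip)))
        out.append((ip, int(hex_port, 16), int(f[9])))
    return out

def inode_owners(proc="/proc"):
    """Return {socket_inode: (pid, exe)} by reading /proc/<pid>/fd (run as root to see all)."""
    owners = {}
    if not os.path.isdir(proc):
        return owners
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            exe = os.readlink(os.path.join(proc, pid, "exe"))
            for fd in os.listdir(os.path.join(proc, pid, "fd")):
                m = re.match(r"socket:\[(\d+)\]", os.readlink(os.path.join(proc, pid, "fd", fd)))
                if m:
                    owners[int(m.group(1))] = (int(pid), exe)
        except OSError:
            continue                            # process exited or access denied
    return owners

def report(listeners, owners):
    """Join listeners to owners; a listener with no visible owner is marked UNKNOWN."""
    return [(ip, port, owners.get(inode, (None, "UNKNOWN"))) for ip, port, inode in listeners]

if __name__ == "__main__":
    text = open("/proc/net/tcp").read() if os.path.exists("/proc/net/tcp") else SAMPLE_PROC_NET_TCP
    for ip, port, (pid, exe) in report(parse_listeners(text), inode_owners()):
        print(f"{ip}:{port}\tpid={pid}\t{exe}")
```

A listener on 6000 whose executable is the X server matches the explanation quoted above; a listener whose owner shows as UNKNOWN when run as root, or whose executable path is unexpected, is the one to investigate.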
