On Tuesday 07 January 2003 01:08 pm, Dennis Stephens wrote: > Saw the following in my syslog > > Jan 3 15:17:12 ardentpursuit portsentry[1120]: attackalert: External > command run for host: 218.156.227.172 using command: "/root/add2chain > 218.156.227.172 12345" > > Did that command actually run, or did portsentry prevent it from running?
Well, a Google search didn't come up with anything but Win32 exploits and there are (normally) no services running/listening to port 12345 on a LEAF box. The ip MX is owned by Korea Telecom. I don't run portsentry, so I'm not familiar with the output from it. I would definately take a look in your /root directory, but I would doubt your hacked....depending on what LEAF system and add-on packages you're using/config. In any case, I would do a thorough look at the box to make sure, unless somebody has any better insight into this. -- ~Lynn Avants Linux Embedded Appliance Firewall developer http://leaf.sourceforge.net ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
