Rami Addady wrote:

A few days ago my rsync server stopped responding.
When I tried to figure out why, I discovered that rpc.statd is listening on port 873.

Killing the rpc.statd process bypasses the problem.

I'm using an updated CentOS 4.*; rsync starts via xinetd.

Do you have any idea how it happened?

Your machine has been hacked and the attacker left a rootkit which used a daemon that impersonates rpc.statd but uses a different port, which happens to be the rsync one?

Just a (paranoid) guess of course.

Gilad
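
One way to check which binary is really behind the listener on port 873, as an added example that is not part of the original thread: it reads the `/proc/net/tcp` table, maps the listening socket's inode to a PID, and prints the on-disk executable rather than the process name. The function names and the sample table are constructed for illustration.

```shell
# Added example: identify the process that owns a listening TCP port.

# Print the socket inode of every LISTEN (state 0A) socket bound to PORT.
# TABLE is a file in /proc/net/tcp format; local_address is HEXIP:HEXPORT.
listen_inodes() {
    table=$1
    hexport=$(printf '%04X' "$2")
    awk -v want="$hexport" 'NR > 1 {
        n = split($2, addr, ":")
        if (toupper(addr[n]) == want && $4 == "0A") print $10
    }' "$table"
}

# Map a socket inode to the PIDs holding it, via the /proc/PID/fd symlinks.
pids_for_inode() {
    for fd in /proc/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ] || continue
        pid=${fd#/proc/}; echo "${pid%%/*}"
    done | sort -u
}

# Constructed sample table: a listener on 0x0369 (873), a listener on
# 0x006F (111), and an ESTABLISHED (01) connection using local port 873.
sample_table() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0369 00000000:0000 0A 00000000:00000000 00:00000000 00000000    29        0 5123 1 0000000000000000 100 0 0 10 0
   1: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4011 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0369 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 6200 1 0000000000000000 100 0 0 10 0
EOF
}

# Live use (run as root): report the PID and the binary behind each listener.
report_port() {
    for inode in $(listen_inodes /proc/net/tcp "$1"); do
        for pid in $(pids_for_inode "$inode"); do
            echo "port $1 inode $inode pid $pid exe $(readlink "/proc/$pid/exe")"
        done
    done
}
```

On the affected host, `report_port 873` gives the executable path, which can then be checked against the installed package with `rpm -Vf <path>`; a path outside the packaged location or a failed verification is what would support the rootkit guess.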
