Rami Addady wrote:
> A few days ago my rsync server stopped responding.
> When I tried to figure out why, I discovered that rpc.statd is listening on
> port 873.
> Killing the rpc.statd process bypassed the problem.
> I'm using an updated CentOS 4.*; rsync starts via xinetd.
> Do you have any idea how it happened?

Your machine has been hacked and the attacker left a rootkit which
used a daemon that impersonates rpc.statd but uses a different port,
which happens to be the rsync one?
Just a (paranoid) guess of course.
Gilad
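
An added example, not part of the original thread: a shell check that compares the owner of each listening TCP port with the daemon expected to hold it, run here on a constructed `netstat -tlnp` sample that mirrors the report (rpc.statd on port 873). The `EXPECTED` table, the function names and the sample PIDs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag listening TCP ports whose owning
# process is not the daemon expected to hold them.

# Expected owners as "port:program" (assumption: rsync is served by xinetd,
# as in the report; extend the list for your own host).
EXPECTED="873:xinetd 22:sshd"

# Constructed sample of `netstat -tlnp` output reproducing the symptom.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:873     0.0.0.0:*         LISTEN   2314/rpc.statd
tcp        0      0 0.0.0.0:111     0.0.0.0:*         LISTEN   2290/portmap
tcp        0      0 :::22           :::*              LISTEN   2501/sshd
EOF
}

# check_listeners: reads `netstat -tlnp` text on stdin, prints one line per
# mismatch and returns 1 if any mismatch was found, 0 otherwise.
check_listeners() {
    awk -v expected="$EXPECTED" '
        BEGIN {
            n = split(expected, pairs, " ")
            for (i = 1; i <= n; i++) { split(pairs[i], kv, ":"); want[kv[1]] = kv[2] }
        }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)          # drop the address, keep the port
            pid = $7;  sub(/\/.*/, "", pid)          # "2314/rpc.statd" -> "2314"
            prog = $7; sub(/^[0-9]+\//, "", prog)    # "2314/rpc.statd" -> "rpc.statd"
            if ((port in want) && prog != want[port]) {
                printf "MISMATCH port=%s expected=%s found=%s pid=%s\n", port, want[port], prog, pid
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# On a live host, run as root so PIDs are visible: netstat -tlnp | check_listeners
# For a flagged PID, see which binary is really running: ls -l /proc/<pid>/exe
sample_netstat | check_listeners || echo "mismatch found: inspect the PIDs above"
```

A mismatch only says the port is held by something other than the expected daemon; comparing `/proc/<pid>/exe` with the packaged binary is the next step in telling a port collision from an impostor process.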