>> rlogin?
>Yeah - where do those appear? daemons? etc/sysinit - that's my trouble - I
>don't know where to turn those off from - you see I don't need any remote

Open your /etc/inetd.conf in a favorite editor (mine is joe), and just
comment out everything except imap, smtp, and httpd (I do know if this is
required). Run kill -HUP inetd (if you do not want to reboot), and that's
all.

Run nmap -v your.IP.address and check if any port is open except smtp, imap,
and httpd.

Root kits are basically hacked binaries like bind, telnet, ssh, and many others
which are installed on your machine once a hacker breaks in (first time, and
with root access). These binaries provide easy access to the hacker for coming
back. For example, a telnetd daemon may allow passwordless login to the hacker
for a particular username.
These types are difficult to detect as they listen on a standard port.

These root kits also contain some daemons which listen on a specific port for
connections and supply information or behave as per the requirements of the
hacker. These are easier to detect as they listen on a specific port.

BTW if you are using a dial-up line, your IP address is dynamic, and the chances
of breaking into your machine with a root kit are practically nil.

Regards,
Mukund Deshmukh
Beta Computronics Pvt. Ltd.
Web Site - www.betacomp.com

>logins at all. That's what worries me - is there a root kit thingee somewhere?
>If so how do I track down and knock it off.
>
>
>Ashwin
>
>----------------------------------------------
>Find out more about this and other Linux India
>mailing lists at http://lists.linux-india.org/
>
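
Added example (not part of the original message): a shell sketch of the inetd.conf step described in the reply above. It comments out every active service line except an allowlist and lists what remains enabled; the function names, the sample file contents and the allowlist "smtp imap" are constructed for illustration.

```shell
#!/bin/sh
# Added example: restrict an inetd.conf to an allowlist of services.
# All names and the sample file below are constructed, not from the post.

# make_sample FILE : write a constructed inetd.conf to FILE
make_sample() {
cat > "$1" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
login   stream  tcp  nowait  root    /usr/sbin/tcpd  in.rlogind

smtp    stream  tcp  nowait  root    /usr/sbin/tcpd  sendmail -bs
imap    stream  tcp  nowait  root    /usr/sbin/tcpd  imapd
#finger stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
EOF
}

# inetd_restrict FILE "svc1 svc2 ..." : print FILE with every active
# service line commented out unless its service name is in the allowlist.
# Existing comments and blank lines pass through unchanged.
inetd_restrict() {
    awk -v keep="$2" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) allow[k[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { print; next }
        { if ($1 in allow) print; else print "#" $0 }
    ' "$1"
}

# inetd_enabled FILE : print the still-active service names on one line
inetd_enabled() {
    awk '!(/^[ \t]*#/ || /^[ \t]*$/) { print $1 }' "$1" | sort -u | paste -sd ' ' -
}

# Demo on the constructed sample: rlogin (service name "login"), telnet
# and ftp end up commented out; smtp and imap stay active.
tmp=$(mktemp) && make_sample "$tmp"
inetd_restrict "$tmp" "smtp imap"
rm -f "$tmp"
```

Review the output before installing it as /etc/inetd.conf, then have inetd re-read its configuration (kill -HUP takes the daemon's process ID) and confirm with the nmap check.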