are you sure? if ever we have the same hacker pero i doubt it. do you
think its a flaw in rh6.1? look at this
# Inetd startup
if [ -x /usr/sbin/in.inetd ]; then
/usr/sbin/in.inetd -s
fi
I found this in rc.sysinit too.
On Tue, 5 Dec 2000, Joel N. Eusebio wrote:
> I found out what happened. Someone started a in.inetd in rc.sysinit what
> this in.inetd does is run a BSD rexecd which opens the 510 port . The
> ass*(&^*le even replaced my ls with a hacked one that if you do a ls -l on
> /usr/sbin it will not show that in.inetd. Thanks for all the support and
> suggestions :)
> ----- Original Message -----
> From: neuroticimbecile <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, December 05, 2000 3:01 AM
> Subject: Re: [plug] portscan
>
>
> >
> > On Tue, 05 Dec 2000, you wrote:
> > > how does one remove such a port number? if its not in the inetd or
> such?
> >
> > you have to kill the program which is listening on that port.
> > or better yet, install ipchains and block all unused ports.
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
