I also found this in rc.local
# Sshd startup
if [ -x '/sbin/sshd ' ]; then
'/sbin/sshd '
fi
it opens a ssh connection port 54321. is this another root exploit? how
did this happen?
On Tue, 5 Dec 2000, Joel N. Eusebio wrote:
> I found out what happened. Someone started a in.inetd in rc.sysinit what
> this in.inetd does is run a BSD rexecd which opens the 510 port . The
> ass*(&^*le even replaced my ls with a hacked one that if you do a ls -l on
> /usr/sbin it will not show that in.inetd. Thanks for all the support and
> suggestions :)
> ----- Original Message -----
> From: neuroticimbecile <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, December 05, 2000 3:01 AM
> Subject: Re: [plug] portscan
>
>
> >
> > On Tue, 05 Dec 2000, you wrote:
> > > how does one remove such a port number? if its not in the inetd or
> such?
> >
> > you have to kill the program which is listening on that port.
> > or better yet, install ipchains and block all unused ports.
> >
> > hth,
> > -eric
> > --
> > .--. Enrique D. Rosel II office://+63.2.894.3592/
> > ( () ) Q Linux Solutions, Inc.
> > `--\\ A Philippine Open Source Solutions Co. http://www.q-linux.com/
> >
> > _
> > Philippine Linux Users Group. Web site and archives at
> http://plug.linux.org.ph
> > To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
> >
>
>
> _
> Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
>
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
