Try to telnet on that port.......I think ssh uses port 22 not 54321
On Tue, 5 Dec 2000, SYSTEMS ADMINISTRATOR wrote:
> I also found this in rc.local
>
>
> # Sshd startup
> if [ -x '/sbin/sshd ' ]; then
> '/sbin/sshd '
> fi
>
>
> it opens a ssh connection port 54321. is this another root exploit? how
> did this happen?
>
> On Tue, 5 Dec 2000, Joel N. Eusebio wrote:
>
> > I found out what happened. Someone started a in.inetd in rc.sysinit what
> > this in.inetd does is run a BSD rexecd which opens the 510 port . The
> > ass*(&^*le even replaced my ls with a hacked one that if you do a ls -l on
> > /usr/sbin it will not show that in.inetd. Thanks for all the support and
> > suggestions :)
> > ----- Original Message -----
> > From: neuroticimbecile <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Tuesday, December 05, 2000 3:01 AM
> > Subject: Re: [plug] portscan
> >
> >
> > >
> > > On Tue, 05 Dec 2000, you wrote:
> > > > how does one remove such a port number? if its not in the inetd or
> > such?
> > >
> > > you have to kill the program which is listening on that port.
> > > or better yet, install ipchains and block all unused ports.
> > >
> > > hth,
> > > -eric
> > > --
> > > .--. Enrique D. Rosel II office://+63.2.894.3592/
> > > ( () ) Q Linux Solutions, Inc.
> > > `--\\ A Philippine Open Source Solutions Co. http://www.q-linux.com/
> > >
> > > _
> > > Philippine Linux Users Group. Web site and archives at
> > http://plug.linux.org.ph
> > > To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
> > >
> >
> >
> > _
> > Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> > To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
> >
>
>
> _
> Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
>
--
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
