That is exacly what I have in my rc.sysinit but I don't think that it is a
6.1 flaw......coz I have seen it also on 6.2 and 6.0 versions :)
----------------->jOEl
On Tue, 5 Dec 2000, SYSTEMS ADMINISTRATOR wrote:
> are you sure? if ever we have the same hacker pero i doubt it. do you
> think its a flaw in rh6.1? look at this
>
> # Inetd startup
> if [ -x /usr/sbin/in.inetd ]; then
> /usr/sbin/in.inetd -s
> fi
>
> I found this in rc.sysinit too.
>
> On Tue, 5 Dec 2000, Joel N. Eusebio wrote:
>
> > I found out what happened. Someone started a in.inetd in rc.sysinit what
> > this in.inetd does is run a BSD rexecd which opens the 510 port . The
> > ass*(&^*le even replaced my ls with a hacked one that if you do a ls -l on
> > /usr/sbin it will not show that in.inetd. Thanks for all the support and
> > suggestions :)
> > ----- Original Message -----
> > From: neuroticimbecile <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Tuesday, December 05, 2000 3:01 AM
> > Subject: Re: [plug] portscan
> >
> >
> > >
> > > On Tue, 05 Dec 2000, you wrote:
> > > > how does one remove such a port number? if its not in the inetd or
> > such?
> > >
> > > you have to kill the program which is listening on that port.
> > > or better yet, install ipchains and block all unused ports.
>
>
> _
> Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
>
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
