On Tue, 22 May 2001, dwen wrote:
>
>
> > did you update lpr?
> i dont use that.
you may not, but RH 6.2 installs *and enables it* by default. Check your
ps
>
> > what other services are open?
> ssh, radius and mail.
sendmail ? another candidate.
>
> > Do you have local users? kernels < 2.2.19 have a local root exploit
> so many, and im using default kernel of RH 6.2. I guess i really need to
> upgrade to a newer version.
kernel RPMS are available for 6.2, hurry! \8)
>
>
>
> thanks,
> dwen
>
> > and of course, don't discount the possibility of a root password leak..
> >
> >
> > On Tue, 22 May 2001, dwen wrote:
> >
> > >
> > >
> > > im using tcp wrappers, bind 9.1.0 and apache 1.3.19, telnet and ftp are
> > > both disbled...how the heck he do that ?!
> > >
> > >
> > > hope its not that late...
> > >
> > > thanks
> > > dwen
> > >
> > >
> > > On Tue, 22 May 2001, Ian C. Sison wrote:
> > >
> > > >
> > > > it's a back door installed by a root-kit which will allow root shell
> > > > access to your machine to anyone telnetting to port 10008
> > > >
> > > > On Tue, 22 May 2001, dwen wrote:
> > > >
> > > > >
> > > > >
> > > > > its not running, im just wondering why there's a line like that.
> > > > >
> > > > >
> > > > >
> > > > > thanks,
> > > > > dwen
> > > > >
> > > > >
> > > > > On Tue, 22 May 2001, Ian C. Sison wrote:
> > > > >
> > > > > >
> > > > > > Gee, you can find out for yourself
> > > > > >
> > > > > > try:
> > > > > >
> > > > > > telnet your-box-name 10008
> > > > > >
> > > > > > \8)
> > > > > >
> > > > > >
> > > > > > On Tue, 22 May 2001, dwen wrote:
> > > > > >
> > > > > > >
> > > > > > >
> > > > > > > file: /etc/inetd.conf
> > > > > > > i have this line :
> > > > > > >
> > > > > > > 10008 stream tcp nowait root /bin/sh sh
> > > > > > >
> > > > > > > what will it do ?
> > > > > > >
> > > > > > >
> > > > > > > thanks,
> > > > > > > dwen
> > > > > > >
> > > > > > >
> > > > > > > _
> > > > > > > Philippine Linux Users Group. Web site and archives at
>http://plug.linux.org.ph
> > > > > > > To leave: send "unsubscribe" in the body to
>[EMAIL PROTECTED]
> > > > > > >
> > > > > > > To subscribe to the Linux Newbies' List: send "subscribe" in the body to
>[EMAIL PROTECTED]
> > > > > > >
> > > > > >
> > > > > > _
> > > > > > Philippine Linux Users Group. Web site and archives at
>http://plug.linux.org.ph
> > > > > > To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
> > > > > >
> > > > > > To subscribe to the Linux Newbies' List: send "subscribe" in the body to
>[EMAIL PROTECTED]
> > > > > >
> > > > >
> > > > > _
> > > > > Philippine Linux Users Group. Web site and archives at
>http://plug.linux.org.ph
> > > > > To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
> > > > >
> > > > > To subscribe to the Linux Newbies' List: send "subscribe" in the body to
>[EMAIL PROTECTED]
> > > > >
> > > >
> > > > _
> > > > Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> > > > To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
> > > >
> > > > To subscribe to the Linux Newbies' List: send "subscribe" in the body to
>[EMAIL PROTECTED]
> > > >
> > >
> > > _
> > > Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> > > To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
> > >
> > > To subscribe to the Linux Newbies' List: send "subscribe" in the body to
>[EMAIL PROTECTED]
> > >
> >
> > _
> > Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> > To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
> >
> > To subscribe to the Linux Newbies' List: send "subscribe" in the body to
>[EMAIL PROTECTED]
> >
>
> _
> Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
>
> To subscribe to the Linux Newbies' List: send "subscribe" in the body to
>[EMAIL PROTECTED]
>
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
