At 08:42 PM 6/27/2002 +0800, [EMAIL PROTECTED] wrote:
>Checking `bindshell'... INFECTED (PORTS: 31336)
>Checking `rexedcs'... INFECTED
>
>What are "bindshell" and "/usr/sbin/in.rexedcs" anyway?

31336 is a trojan port for Bo Whack. Check Google for more info.

>I'm downloading procps now to replace my ps and top. How do I fix tcpd?

If it isn't too much of a hassle, I would re-do the entire box. But, that's me, the paranoid. Before doing that though, I would check the usual (log files, check processes using lsof, check network connections using netstat, scan my machine using nmap, blah blah) so that hopefully, the compromise won't happen again.

After re-installing (or fixing, whichever you prefer), I would do the necessary security updates (patches, those-you-don't-need-disable from (x)inetd, tcpwrappers if you want, iptables/ipchains, and put tripwire on the box)

Good luck

Froilan

Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
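The netstat step of the checks listed in the reply above, as an added example that is not part of the original post: it filters `netstat -tlnp`-style text for listening sockets on the port chkrootkit reported (31336). The sample output, the function name `suspect_listeners` and the process name `suspectd` are constructed for illustration.

```shell
#!/bin/sh
# Added example: list TCP listeners on ports of interest from `netstat -tlnp` text.

# Constructed sample output (not taken from the original post).
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      412/sshd
tcp        0      0 0.0.0.0:31336           0.0.0.0:*               LISTEN      1093/suspectd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      530/sendmail
tcp        0      0 192.168.1.5:22          192.168.1.9:31336       ESTABLISHED 988/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      -'

# suspect_listeners PORTS
#   PORTS: comma-separated port list; netstat text is read from stdin.
#   Prints "port<TAB>local_address<TAB>pid/program" for each matching
#   socket in LISTEN state. Connections that merely involve the port
#   (for example as a remote port) are ignored.
suspect_listeners() {
    awk -v ports="$1" '
        BEGIN {
            n = split(ports, p, ",")
            for (i = 1; i <= n; i++) want[p[i]] = 1
        }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4
            sub(/.*:/, "", port)   # keep what follows the last colon (handles :::80)
            if (port in want) {
                owner = ($7 == "" ? "-" : $7)
                printf "%s\t%s\t%s\n", port, $4, owner
            }
        }'
}

# On a live system: netstat -tlnp | suspect_listeners 31336
printf '%s\n' "$SAMPLE" | suspect_listeners 31336
```

Because the poster is already replacing ps and top, the netstat binary on the same box may not be trustworthy either; feed the function output from a known-good binary and compare it with an nmap scan run from another host.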
