On Mon, Jan 13, 2003 at 08:30:16AM +0800, user clueless wrote: > Guys, I did an "nmap localhost" and this is what i got:
First off you've got quite a bit installed. I doubt you need all those services. You may want to clean up by removing programs you don't need, and editing /etc/inetd.conf to comment out default services that you don't need to run. > 12345/tcp open NetBus > 12346/tcp open NetBus > 27665/tcp open Trinoo_Master > 31337/tcp open Elite These look bad. You -may- have been compromised. Have you tried installing and running chkrootkit? > Take note of the last several lines!!! The box in question is a > standalone debian woody at home whose connection to the net is via a > prepaid internet account. Is this a snapshot of Woody while it was the testing tree? Or is this in sync with the latest stable tree? > HEELPP!!! If those your box has been compromised I highly recommend a reinstall. --> Jijo -- Federico Sevilla III : http://jijo.free.net.ph : When we speak of free Network Administrator : The Leather Collection, Inc. : software we refer to GnuPG Key ID : 0x93B746BE : freedom, not price. _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
