Quoting Federico Sevilla III ([EMAIL PROTECTED]): >> 12345/tcp open NetBus >> 12346/tcp open NetBus >> 27665/tcp open Trinoo_Master >> 31337/tcp open Elite > > These look bad. You -may- have been compromised. Have you tried > installing and running chkrootkit?
I'll give extremely heavy odds that his host has not only been compromised, but also is now being used as an attack tool to execute Distributed Denial of Service attacks against other innocent sites. http://www.cert.org/tech_tips/win-UNIX-system_compromise.html http://linuxmafia.com/~rick/linux-info/root-compromise > If those your box has been compromised I highly recommend a reinstall. Absolutely. -- Cheers, "Please return all dogmas to their orthodox positions." Rick Moen -- Brad Johnson, in r.a.sf.w.r-j [EMAIL PROTECTED] _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
