It had a very current date and time stamp so I have renamed it and placed it
in a temp directory, very suspect, thanx for the tip.
-----Original Message-----
From: Bernhard L�der <[EMAIL PROTECTED]>
To: Peter McCarthy <[EMAIL PROTECTED]>
Date: Saturday, 25 December 1999 10:54 PM
Subject: RE: [SLUG] Inetd hack
It is possibly a program they place in /usr/sbin. Check it.
Bernhard
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Peter McCarthy
Sent: Saturday, December 25, 1999 21:18
To: Linux Sydney [SLUG]
Subject: [SLUG] Inetd hack
Howdy all and Merry Christmas !
I recently had someone hack my system (not a big deal as I planned to upgrade
it anyway).
But what they did in an attempt to leave a back door I found intriguing.
The following lines in /etc/inetd.conf were added by my unwelcome guest.
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
37 stream tcp nowait root /usr/sbin/sock /usr/sbin/sock
I'm not entirely sure what this person achieved by these lines (comments
welcome !) Is it an attempt to place a root shell on telnet port 37 ?
And what is sock anyhow ?
I suspect this person gained access to my system via ftpd, is this really
such a security hole ?
Thanx
PMc
--
SLUG - Sydney Linux Users Group Mailing List - http://www.slug.org.au
To unsubscribe send email to [EMAIL PROTECTED] with
unsubscribe in the text
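
Added example, not part of the original thread: a small audit of inetd.conf entries of the kind quoted above, flagging services given as a raw port number and root-run servers that are not wrapped by tcpd, with a helper for the timestamp check mentioned in the reply. The sample text is constructed from the two quoted lines; the trusted-server set and the function names are assumptions for illustration.

```python
import os
import time

# Constructed sample: the two entries quoted in the message, plus a comment line.
SAMPLE = """\
# constructed sample of /etc/inetd.conf
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
37 stream tcp nowait root /usr/sbin/sock /usr/sbin/sock
"""

# Assumption: on this host only tcpd-wrapped or built-in services run as root.
TRUSTED_ROOT_SERVERS = {"/usr/sbin/tcpd", "internal"}


def audit_inetd(text):
    """Return (line number, server path, reason) for each suspicious entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 6:
            findings.append((lineno, None, "malformed entry"))
            continue
        service, user, server = fields[0], fields[4], fields[5]
        user = user.replace(":", ".").split(".")[0]   # accept user.group / user:group
        if service.isdigit():
            findings.append((lineno, server, "service given as a raw port number"))
        if user == "root" and server not in TRUSTED_ROOT_SERVERS:
            findings.append((lineno, server, "root runs a server not wrapped by tcpd"))
    return findings


def server_age_days(path):
    """Days since the binary was last modified, or None if it is missing."""
    try:
        return (time.time() - os.stat(path).st_mtime) / 86400
    except OSError:
        return None


if __name__ == "__main__":
    for lineno, server, reason in audit_inetd(SAMPLE):
        age = server_age_days(server) if server else None
        print(f"line {lineno}: {reason}; {server} modified {age} days ago")
```
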