I agree that the machine has been compromised, thus my queries, but there
was nothing more that I could find than what I have already reported.
These symptoms do not seem to match anything that I have read about Ramen's
footprint. I have searched www.cert.org and reported it to them as well.
Dennis
-----Original Message-----
From: Alan Lee <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Date: Sunday, 21 January 2001 20:53
Subject: Re: [SLUG] inetd.conf query
>Um
>
>Do a "netstat -l -n" and see what ports are open. (Mainly high ports, ie,
>16000)
>
>If you see any weird ones, from an external machine, telnet to them and see
>what happens.
>
>I think your box may have been root'ed or something...
>
>
>Regards, Alan Lee
>
>
>----- Original Message -----
>From: <[EMAIL PROTECTED]>
>To: "Howard Lowndes" <[EMAIL PROTECTED]>
>Cc: <[EMAIL PROTECTED]>
>Sent: Sunday, January 21, 2001 8:41 PM
>Subject: Re: [SLUG] inetd.conf query
>
>
>> No...just new entries in my inetd.conf file that I didn't put there
>>
>>
>>
>> --
>> SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
>> More Info: http://slug.org.au/lists/listinfo/slug
>>
>
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
