Hello all,

Over the last couple of days, a Debian 2.2r4 box I work on appears to have been infected by a Trojan. I have since upgraded SSH, which I think was the leak.

I have done an NMAP on the box. I have removed the known services from the output; shown below are the results.

Port       State     Service
139/tcp    filtered  netbios-ssn  - I don't have Samba
515/tcp    filtered  printer      - no lpr as far as I'm aware
1080/tcp   filtered  socks        - no socks as far as I'm aware
2003/tcp   filtered  cfingerd     - the binary for this one is on the server, but is not enabled in Inetd
2049/tcp   filtered  nfs          - No NFS
12345/tcp  filtered  NetBus
12346/tcp  filtered  NetBus

I have searched high and low, even tried re-installing the procps package, looking for any clues, but am unable to find anything. Does anyone have any helpful information, or know where I can get a removal script for this?

Your help would be greatly appreciated.

Stephan Borg
Osgiliath P/L (ACN: 095 048 981)
Mobile: 0402 789 788
Email: mailto:[EMAIL PROTECTED]

--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
