[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Recent Hacks - Continues

Subject: Re: [cobalt-users] Recent Hacks - Continues
From: flash22@xxxxxxx
Date: Wed Feb 14 00:21:27 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

On Sat, 10 Feb 2001, fastmedia wrote:

> 
> 
> i've just run nmap (insecure.org has been down all day??) and my machine has
> the following DoS tools, and apparently Elite is probably Back Orifice:
> 
> 27665/tcp  filtered    Trinoo_Master
> 31337/tcp  filtered    Elite
> 
> 
> anybody with any experience ridding these?  I've found some C code but...
> 
> these are probably what was in the crtz.o etc files

Have you rebooted that machine? you can't get rid of crtz without
rebooting (it's a kernel module)

lsof or fuser should tell you where the program is that's holding those
ports, if it's a program and not that stupid module...

References:
- [cobalt-users] Recent Hacks - Continues
  - From: fastmedia

Prev by Date: Re: [cobalt-users] RAQ3 Using two domains on one virtual site is ok but can I use bo th domains for email?
Next by Date: Re: [cobalt-users] /etc/aliases
Previous by thread: [cobalt-users] Recent Hacks - Continues
Next by thread: [cobalt-users] RaQ4.. TOP report .. What is ' .bd ' ?

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index