[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Interface Promiscuous Mode and FTP Hacks

Subject: Re: [cobalt-users] Interface Promiscuous Mode and FTP Hacks
From: flash22@xxxxxxx
Date: Fri Feb 16 01:03:19 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

On Fri, 16 Feb 2001, Craig Napier wrote:

> With chkrootkit I get a message that each of my eth are in promiscuous 
> mode... What does this mean (I know not good), and can it be switched back. 

Promiscous mode means the network card is listening on all possible IP
addresses instead of just the ones it's supposed to , almost certainly
another trojan type thinggy, check inetd.conf for more things that
shouldn't bee there, netstat -a may help, funny open ports are a clue..

(nothing in netstat should be type 'raw'...)

> Also, if named is corrupted (bad md5sum) can it be replaced? I've stripped 

Reload the update rpm should replace the binary, make sure you don't have
'additions' to the zone files, seen that a few times ...

After rebuilding did you change ALL the passwords on the box? remember
whoever had root access could easily have read your password file (root
can read shadow) and cracked a few passwords to get back in later...

There's a lot to be said for remote logging ;) also make sure port 515 is
closed ...

[snip]

gsh

Follow-Ups:
- Re: [cobalt-users] Interface Promiscuous Mode and FTP Hacks
  - From: chris
- Re: [cobalt-users] Interface Promiscuous Mode and FTP Hacks
  - From: chris

References:
- [cobalt-users] Interface Promiscuous Mode and FTP Hacks
  - From: Craig Napier

Prev by Date: Re: [cobalt-users] Reset serial Numbers in DNS to 1??
Next by Date: Re: [cobalt-users] Frontpage
Previous by thread: [cobalt-users] Interface Promiscuous Mode and FTP Hacks
Next by thread: Re: [cobalt-users] Interface Promiscuous Mode and FTP Hacks

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index