Re: [cobalt-users] HaQ'd? Or not? Lion tracks...
- Subject: Re: [cobalt-users] HaQ'd? Or not? Lion tracks...
- From: flash22@xxxxxxx
- Date: Wed Apr 4 16:42:44 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Wed, 4 Apr 2001, Jay Jennings wrote:
> I got home tonight and found two bounced pieces of email -- one was a Local
> Configuration Error and the other was a Data Format Error. Attached to those
> error messages was an email from Lion that said my server (a RaQ3) was
> hacked. The letter also gave "instructions" on un-hacking the server (I
Does your machine handle mail for any other domain? It may have gotten
forwarded... Data Format Error happens with some spam tricks too, so it
may well be forged...
And Local Configuration Error is often sendmail's way of complaining about
domain name weirdness...
> My first stop was the archives where I found out about Lionfind. I ran it
> and it says, "To the best of my knowledge the Lion worm is NOT on this
> filesystem."
Try chkrootkit too, just in case it's one thing pretending to be another.
>
> So, how do I know if I was hacked or not? I'm not doing my own DNS, but I
> got to thinking that I have no idea whether BIND is still active on my box
> (newbies, sheesh!), so I guess it's possible, but since Lionfind says no...
Try to telnet to port 53 on your machine and see if it connects...
gsh
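
The port 53 check suggested in the reply above, as an added example that is not part of the original message. It goes one step beyond the telnet test by also sending a DNS query over UDP, since a name server answers most queries there; the function names and the `localhost` query name are assumptions made for illustration.

```python
import secrets
import socket
import struct


def tcp_port_open(host, port=53, timeout=3.0):
    """Same test as 'telnet host 53': True if the TCP connection is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable or timed out
        return False


def build_query(name, qid, qtype=1, qclass=1):
    """Minimal DNS query: 12-byte header plus one question (default A/IN)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, qclass)


def udp_dns_answers(host, port=53, name="localhost", timeout=3.0):
    """True if a DNS response carrying our query ID comes back over UDP."""
    qid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))  # connected socket surfaces ICMP refusals
            s.send(build_query(name, qid))
            data = s.recv(512)
        except OSError:  # nothing listening, or no reply in time
            return False
    if len(data) < 12:  # shorter than a DNS header
        return False
    rid, flags = struct.unpack("!HH", data[:4])
    return rid == qid and bool(flags & 0x8000)  # QR bit marks a response


def check_dns_service(host="127.0.0.1", port=53):
    """Report whether anything is serving DNS on the given host."""
    return {"tcp": tcp_port_open(host, port), "udp": udp_dns_answers(host, port)}


if __name__ == "__main__":
    print(check_dns_service())
```

If both values come back False when run on the server itself, nothing is listening for DNS on the loopback address; repeat with the machine's public address to cover a daemon bound only to that interface.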