RE: [cobalt-security] Re: [cobalt-users] ssh on port 44658???
- Subject: RE: [cobalt-security] Re: [cobalt-users] ssh on port 44658???
- From: "Drage, Nicholas" <nickd@xxxxxxxxx>
- Date: Tue Apr 17 08:38:09 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Hi,
(apologies for not replying to the original email, I no longer subscribe to
cobalt-users, far too much traffic)
> On Mon, 16 Apr 2001, Loryan Strant wrote:
> > While doing a routine portscan of my RaQ4, I noticed that
> > port 44658 is running SSH 1.5-1.2.27.
> >
> > I know for a fact that I didn't set that up, as I'm running
> > OpenSSH 2.1.1 on a completely different port.
> >
> > Does anyone have any ideas as to what this is?
There is a > 99% chance it is a backdoor put in by a hacker after
compromising your machine. Take your RaQ off the network, back up
everything, re-install. If your RaQ is on someone else's network then grab
lsof and look for programs that are possibly called sshdu, otherwise see
what's listening on that port, kill them. Then back up your files, and have
the box reinstalled.
Note that netstat has quite possibly been replaced by a doctored version
that won't show up the dodgy s/w running, so I wouldn't trust its output.
--
Nick Drage - Security Architecture - Demon Internet - Laptop
-rw-rw-rw- the file permissions of the beast
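
The point above about not trusting netstat, as an added example that is not part of the original message: this Python sketch reads the kernel's `/proc/net/tcp` listener table directly and maps each socket inode to the PIDs holding it, so a possibly replaced netstat binary is not involved. The sample table, the expected-port set and the function names are assumptions made for illustration; a kernel-level rootkit can hide entries from `/proc` too, so a port scan from another host remains the stronger check.

```python
import glob
import os
import socket
import struct

# Constructed sample in /proc/net/tcp format (not data from the original post).
# Ports in hex: 0019=25, 0050=80, 08AE=2222, AE72=44658; state 0A = LISTEN.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1101
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1102
   2: 00000000:08AE 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1103
   3: 00000000:AE72 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4410
   4: 0A00000A:08AE 0500000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 4500
"""

def listening_sockets(text):
    """Return (ip, port, uid, inode) for every socket in state LISTEN."""
    found = []
    for line in text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != "0A":
            continue
        addr_hex, port_hex = f[1].split(":")
        # Address is a host-order 32-bit value; "<I" assumes little-endian (x86).
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        found.append((ip, int(port_hex, 16), int(f[7]), int(f[9])))
    return found

def unexpected_listeners(text, expected_ports):
    return [s for s in listening_sockets(text) if s[1] not in expected_ports]

def owner_pids(inode):
    """PIDs holding the socket, found via /proc/<pid>/fd links (needs root)."""
    pids = set()
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            if os.readlink(fd) == "socket:[%d]" % inode:
                pids.add(int(fd.split("/")[2]))
        except OSError:
            continue  # process exited or permission denied
    return sorted(pids)

if __name__ == "__main__":
    EXPECTED = {25, 80, 2222}  # assumption: the services you know you run
    path = "/proc/net/tcp"
    text = open(path).read() if os.path.exists(path) else SAMPLE
    for ip, port, uid, inode in unexpected_listeners(text, EXPECTED):
        print("unexpected listener %s:%d uid=%d inode=%d" % (ip, port, uid, inode), owner_pids(inode))
```

A listener that appears here with no owning PID, or a port that answers from outside but is missing from this table, is itself a sign that the host's tools or kernel have been tampered with.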