[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] Hacked?? Telnet Connected But Not Activated?

Subject: [cobalt-users] Hacked?? Telnet Connected But Not Activated?
From: Wayne Sagar <wsagar@xxxxxxxx>
Date: Wed Apr 18 13:07:59 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Don't want to be crying wolf.. but I was logged in and did a netstat and
noticed a telnet established connection... bad thing is, telnet is turned
off and I use ssh... there were several lines with same host and message.
(wish I'd have saved it) I quickly took the machine off line but had to put
it back on due to it being an active server... (telnet user was no longer
connected nor did they come back in the two hours I watched after that)

Would anyone have any idea where to look for this instance of telnet
running when I've got it turned of... No logs show any activity, nor does
any any of the recorded keystrokes in the /root folder file (which I can
not remember the name of) that records every move that, at least, I've made
in the last month... 

I know, this sounds like a hack.. but if anyone can point me where to look
and for what to possibly find and nuke this...

I have portsentry and the reporting program running and have seen nothing
of any telnet connections on it.. 

<sigh> 
TIA
Wayne Sagar

Follow-Ups:
- Re: [cobalt-users] Hacked?? Telnet Connected But Not Activated?
  - From: Danny Daniels
- Re: [cobalt-users] Hacked?? Telnet Connected But Not Activated?
  - From: elmer

Prev by Date: Re: [cobalt-users] ![MASTER-CD]!
Next by Date: [cobalt-users] OT: Best Registrar?
Previous by thread: RE: [cobalt-users] Fw: Front Page error
Next by thread: Re: [cobalt-users] Hacked?? Telnet Connected But Not Activated?

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index