[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] Hacked? Telnet gone, SSH gone, strange ports open

Subject: [cobalt-users] Hacked? Telnet gone, SSH gone, strange ports open
From: "Juan Carlos Murillo" <murillo@xxxxxxxxxxxxxxxxx>
Date: Fri May 18 10:21:13 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Hello all,

We are running a RaQ3 and about a month ago our telnet prompt started
failing, it would display the OS info but not the login.  After reading the
archives for a while and not finding an answer we decided to install SSH.
Now SSH is gone too and we cannot get into the machine other than from ftp.
I have run a port scan against our machine and got the following ports open:

21 FTP
25 SMTP
53 Domain
79 Finger  ??
80 WWW
81 Hosts2-NS
110 POP3
143 IMAP
444 SNPP    ??
514 SHELL - Automatic Remote Process Execution ????????????????????????????
1008 UFSD   ??

NO SSH port.  An we have this weird 514 port open.

What should I be looking for to determined if the server was compromised?

TIA

Depeupleur

Follow-Ups:
- RE: [cobalt-users] Hacked? Telnet gone, SSH gone, strange ports open
  - From: d e p e u p l e u r
- RE: [cobalt-users] Hacked? Telnet gone, SSH gone, strange ports open
  - From: d e p e u p l e u r
- [cobalt-users] RE: Hacked? Telnet gone, SSH gone, strange ports open
  - From: Juan Carlos Murillo
- RE: [cobalt-users] Hacked? Telnet gone, SSH gone, strange ports open
  - From: d e p e u p l e u r

Prev by Date: Re: [cobalt-users] RaQ3 - relaying & blacklisting
Next by Date: Re: [cobalt-users] Samba
Previous by thread: [cobalt-users] private nameserver to virtual host
Next by thread: RE: [cobalt-users] Hacked? Telnet gone, SSH gone, strange ports open

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index